550 matches found
SUSE CVE-2026-45890
In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect function in the backend only validates the upper bound requestednumqueue...
CVE-2026-45890
A flaw was found in the Linux kernel's xen-netback component. A malicious or buggy Xen guest can exploit this by writing a zero value to the 'multi-queue-num-queues' xenbus key. This improper input validation can trigger a warning in the kernel's memory allocation, leading to a guest-to-host Deni...
EUVD-2026-32356
In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect function in the backend only validates the upper bound requestednumqueue...
CVE-2026-45890
In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect function in the backend only validates the upper bound requestednumqueue...
UBUNTU-CVE-2026-45890
In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect function in the backend only validates the upper bound requestednumqueue...
CVE-2026-45890 xen-netback: reject zero-queue configuration from guest
In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect function in the backend only validates the upper bound requestednumqueue...
CVE-2026-45890
In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect function in the backend only validates the upper bound requestednumqueue...
CVE-2026-45890
The CVE-2026-45890 issue affects the Linux kernel Xen-netback. A Xen guest can set multi-queue-num-queues to 0; the connect() validation checks only the upper bound (requested_num_queues > xenvif_max_queues) and does not reject zero. This can reach vzalloc(array_size(0, sizeof(struct xenvif_qu...
Linux Distros Unpatched Vulnerability : CVE-2026-45890
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write 0 to the xenbus key multi-queue-num-queues. The connect functio...
PT-2026-43757
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw in the xen-netback component allows a malicious or buggy Xen guest to cause a guest-to-host denial of service on systems where panic on warn is set to 1. The issue occurs because...
Linux kernel 安全漏洞
The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the xen-netback backend not verifying that the queue number is zero, potentially leading to a...
CVE-2026-45890
xen-netback: reject zero-queue configuration from guest...
Astra Linux - уязвимость в linux, linux-5.10
Guests can trigger the reset/abort/crash of the NIC interface through netback. It is possible for a guest to trigger a NIC interface reset/abort/crash in a Linux-based network backend by sending certain types of packets. It seems to be an unstated assumption in the rest of the Linux network stack...
Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: xenvifrxnextskb: Avoid entering this function with an empty rx queue. xenvifrxnextskb expects that the rx queue is not empty. However, if the loop in xenvifrxaction performs multiple iterations, the availability of another skb in...
Astra Linux – Vulnerability in Linux, Linux 5.10
A guest can force the Linux netback driver to consume a large amount of kernel memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Incoming data packets for a guest in the Linux kernel’s netback driver are buffere...
Astra Linux – Vulnerability in Linux, Linux 5.10
A guest can force the Linux netback driver to consume a large amount of kernel memory. This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVEs. Incoming data packets for a guest in the Linux kernel’s netback driver are buffere...
Astra Linux – Vulnerability in Linux
A issue was discovered in the Linux kernel through version 5.11.3, when it was used with Xen PV. A certain part of the netback driver lacks proper handling of errors, such as failed memory allocations as a result of changes to the way errors related to grant mapping are handled. A denial-of-servi...
Astra Linux – Vulnerability in Linux 5.10, Linux
The fix for XSA-423 added logic to the Linux’ netback driver to handle cases where a packet is split by a frontend, resulting in not all of the headers being together in one piece. Unfortunately, the introduced logic did not account for the extreme case where the entire packet is split into as ma...
Unity Linux 20.1050e Security Update: kernel (UTSA-2026-005139)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005139 advisory. In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UAF in xenvifflushhash During the listforeachentryrcu iteration call of...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003978)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003978 advisory. Guests can trigger deadlock in Linux netback driver This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond ...