CVE-2026-53118

A flaw was found in the Linux kernel's vdpa driver. This vulnerability occurs because a specific field, driveroverride, is accessed without proper locking during the driver's initialization process. An attacker could exploit this Use-After-Free UAF condition to potentially execute arbitrary code ...

Astra Linux – Vulnerability found in Linux 5.10, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: vdpa: Added a max vqp attr to vdpanlpolicy for checking nlattr lengths. The vdpanlpolicy structure is used to validate the nlattr during the parsing of incoming nlmsg. It ensures that the described attribute produces a valid nlat...

Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15

In the Linux kernel, the following vulnerabilities have been resolved: vdpasim: A possible memory leak was fixed in vdpasimnetinit and vdpasimblkinit. When a fault is injected while probing a module, if deviceregister fails in vdpasimnetinit or vdpasimblkinit, and the refcount of kobject is not...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: added validation for the VIRTIONETCTRLMQVQPAIRSSET command When the control vq receives a VIRTIONETCTRLMQVQPAIRSSET command request from the driver, there is currently no validation of the number of queue pairs to be...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: vpvdpa: fixed the crash that occurs when the vpvdpa device is unplugged suddenly. When the vpvdpa device is unplugged, it triggers a kernel panic. The root cause is that vdpamgmtdevunregister will access modern devices, leadin...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: virtio-vdpa: Fixed a cpumask memory leak in virtiovdpafindvqs Free the cpumask allocated by createaffinitymasks before returning from the function...

Astra Linux - уязвимость в linux-5.10

An integer overflow flaw was discovered in the Linux kernel’s virtio device driver code, where a user triggers the vhostvdpaconfigvalidate function. This flaw allows a local user to crash the system or potentially escalate their privileges on the system...

Astra Linux - уязвимость в linux-5.10, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: vdpa: Added a queue index attr to the vdpanlpolicy structure for checking nlattr lengths. The vdpanlpolicy structure is used to validate the nlattr during the parsing of incoming nlmsg messages. It ensures that the described...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: vdpa: fixed a use-after-free in vpvdparemove. When the vpvdpa driver is unbound, vpvdpa is freed in vdpaunregisterdevice, and then vpvdpa-mdev.pcidev is dereferenced in vpmodernremove, triggering a use-after-free. Call trace for...

SUSE CVE-2026-43248

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...

CVE-2026-43248

A flaw was found in the Linux kernel's vhost subsystem. Specifically, a bug in the vdpasim component allows for an out-of-bounds write when a valid ASID Address Space ID is incorrectly assigned to a vDPA virtio Data Path Acceleration group. This could lead to memory corruption, potentially...

EUVD-2026-27809

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...

CVE-2026-43248

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...

CVE-2026-43248

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...

CVE-2026-43248

In the Linux kernel vhost subsystem, CVE-2026-43248 stems from a vdpa_sim bug that could assign a valid ASID to a group equal to ngroups, causing an out-of-bounds write and memory instability. Multiple reports confirm a patch to move the vdpa group bound check into vhost_vdpa and to fix the out-o...

CVE-2026-43248

In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhostvdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpasim where a valid ASID can be assign...

PT-2026-37588

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description An issue exists in the vhost component where the vdpa group bound check was duplicated, increasing the risk of a parent driver omitting the check. Additionally, a bug in vdpa sim allows ...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the lack of group boundary checks in the vdpasim driver. This vulnerability may lead to...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: vhost-vdpa: fixed an iotlb memory leak Before commit 3d5698793897 “vhost-vdpa: introduced ASID-based IOTLB”, we called vhostvdpaiotlbunmapv, iotlb, 0ULL, 0ULL – 1 during the release phase to free all resources allocated when...

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: vdpasimblk: The number of address spaces and virtqueue groups was set. The commit bda324fd037a “vdpasim: control virtqueue support” added two new fields nas, ngroups to vdpasimdevattr, but we forgot to initialize them for...