Linux Kernel vhost VDPA Group Bound Check Vulnerability

Vulnerability

A vulnerability in the Linux kernel's vhost component related to Virtual Data Path Accelerated (VDPA) devices has been addressed. The issue involved improper group bound checks, which could lead to out-of-bounds writes. This vulnerability was particularly relevant for the mlx5 VDPA simulation driver.

Impact

Exploitation of this vulnerability could lead to out-of-bounds memory writes, potentially causing memory corruption.

Reproduction

The vulnerability can be reproduced by assigning a valid Address Space Identifier (ASID) to a VDPA group whose index equals the number of groups, which triggers an out-of-bounds write. This can be done through the vhost VDPA interface by sending a command that includes the group index and ASID.
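
The off-by-one described above, as an added userspace model in C; it is not the kernel's code and not part of the original advisory. The names model_dev, set_group_asid_weak and set_group_asid_fixed are hypothetical, the group and address-space counts are constructed, and the `>` comparison in the weak variant is an assumption inferred from the reproduction condition.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define NGROUPS 2u          /* constructed: device exposes 2 groups */
#define NAS     2u          /* constructed: device exposes 2 address spaces */
#define GUARD   0xdeadbeefu /* value stored just past the table */

/* Hypothetical group -> ASID table. Slot [NGROUPS] is a guard, so the
 * off-by-one write is observable without undefined behaviour. */
struct model_dev { uint32_t slots[NGROUPS + 1]; };

static void model_init(struct model_dev *d)
{
    for (uint32_t i = 0; i < NGROUPS; i++)
        d->slots[i] = 0;
    d->slots[NGROUPS] = GUARD;
}
static int guard_intact(const struct model_dev *d) { return d->slots[NGROUPS] == GUARD; }

/* Assumed flawed check: only idx > NGROUPS is rejected. */
static int set_group_asid_weak(struct model_dev *d, uint32_t idx, uint32_t asid)
{
    if (idx > NGROUPS || asid >= NAS)
        return -EINVAL;
    d->slots[idx] = asid;   /* idx == NGROUPS lands on the guard slot */
    return 0;
}

/* Corrected check: valid group indices are 0 .. NGROUPS - 1. */
static int set_group_asid_fixed(struct model_dev *d, uint32_t idx, uint32_t asid)
{
    if (idx >= NGROUPS || asid >= NAS)
        return -EINVAL;
    d->slots[idx] = asid;
    return 0;
}

int main(void)
{
    struct model_dev d;
    model_init(&d);
    int rc = set_group_asid_weak(&d, NGROUPS, 1);
    printf("weak : rc=%d guard_intact=%d\n", rc, guard_intact(&d));
    model_init(&d);
    rc = set_group_asid_fixed(&d, NGROUPS, 1);
    printf("fixed: rc=%d guard_intact=%d\n", rc, guard_intact(&d));
    return 0;
}
```

With the weak check the request for group index 2 is accepted and the guard slot is overwritten; with the corrected check the same request is rejected with -EINVAL and the guard stays intact.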

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.

Added: May 6, 2026, 12:59 PM
Updated: May 6, 2026, 12:59 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 0.6
exploitability: 4.3
remediation: 7.7
relevance: 7.2
threat: 4.8
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.