In the Linux kernel, the following vulnerability has been resolved: vhost: move vdpa group bound check to vhost_vdpa Remove duplication by consolidating these here. This reduces the posibility of a parent driver missing them. While we're at it, fix a bug in vdpa_sim where a valid ASID can be assigned to a group equal to ngroups, causing an out of bound write.

A flaw was found in the Linux kernel's vhost subsystem. Specifically, a bug in the `vdpa_sim` component allows for an out-of-bounds write when a valid ASID (Address Space ID) is incorrectly assigned to a vDPA (virtio Data Path Acceleration) group. This could lead to memory corruption, potentially resulting in a denial of service or other system instability.

Red Hat Enterprise Linux 10 Affected kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Not affected kernel Red Hat Enterprise Linux 8 Not affected kernel-rt Red Hat Enterprise Linux 9 Affected kernel Red Hat Enterprise Linux 9 Affected kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-43248 https://nvd.nist.gov/vuln/detail/CVE-2026-43248 https://lore.kernel.org/linux-cve-announce/2026050602-CVE-2026-43248-7506@gregkh/T