CVE-2026-45890
Published: May 27, 2026
Modified: May 27, 2026
Description
In the Linux kernel, the following vulnerability has been resolved: xen-netback: reject zero-queue configuration from guest A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect() function in the backend only validates the upper bound (requested_num_queues > xenvif_max_queues) but not zero, allowing requested_num_queues=0 to reach vzalloc(array_size(0, sizeof(struct xenvif_queue))), which triggers WARN_ON_ONCE(!size) in __vmalloc_node_range(). On systems with panic_on_warn=1, this allows a guest-to-host denial of service. The Xen network interface specification requires the queue count to be "greater than zero". Add a zero check to match the validation already present in xen-blkback, which has included this guard since its multi-queue support was added.
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 8d3d53b3e43363e79ab9a9ecc149b06c1314b25d - < 2993e0f904c45f8af12917344bb1cac7ccd05a60affected 8d3d53b3e43363e79ab9a9ecc149b06c1314b25d - < 787bfa423228c4b02ba3368128f625d579085353affected 8d3d53b3e43363e79ab9a9ecc149b06c1314b25d - < ce66d6786de45b7ed9cbbdc0988054bf09e58f54affected 8d3d53b3e43363e79ab9a9ecc149b06c1314b25d - < 88b0fced1bbbfdb356a007592604008ffc93a6a1affected 8d3d53b3e43363e79ab9a9ecc149b06c1314b25d - < ec4859ac5c933e3315543a61adc1ca4358006a41+3 more versions |
Linux | Linux | affected 3.16unaffected 0 - < 3.16unaffected 5.10.252 - <= 5.10.*unaffected 5.15.202 - <= 5.15.*unaffected 6.1.165 - <= 6.1.*+5 more versions |
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now