CVE-2026-45890

Source
https://cve.org/CVERecord?id=CVE-2026-45890
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45890.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-45890
Published
2026-05-27T12:17:01.466Z
Modified
2026-06-27T11:55:07.790384633Z
Summary
xen-netback: reject zero-queue configuration from guest
Details

In the Linux kernel, the following vulnerability has been resolved:

xen-netback: reject zero-queue configuration from guest

A malicious or buggy Xen guest can write "0" to the xenbus key "multi-queue-num-queues". The connect() function in the backend only validates the upper bound (requested_num_queues > xenvif_max_queues) but not zero, allowing requested_num_queues=0 to reach vzalloc(array_size(0, sizeof(struct xenvif_queue))), which triggers WARN_ON_ONCE(!size) in __vmalloc_node_range().

On systems with panic_on_warn=1, this allows a guest-to-host denial of service.

The Xen network interface specification requires the queue count to be "greater than zero".

Add a zero check to match the validation already present in xen-blkback, which has included this guard since its multi-queue support was added.
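
The check described above, as an added user-space model in C (not the kernel's code and not part of the original record): it parses the guest-written value and compares the upper-bound-only validation with one that also rejects zero. The names model_connect, parse_queue_count, model_array_size and struct model_queue are hypothetical, and the maximum of 8 queues is a constructed sample value.

```c
/* User-space model of the queue-count check described above; not kernel code. */
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

enum outcome { QUEUES_OK, QUEUES_REJECTED, ZERO_SIZE_ALLOC };
struct model_queue { char state[256]; };  /* hypothetical stand-in for the per-queue struct */
/* Saturating multiply, modelled on the kernel's array_size(). */
static size_t model_array_size(size_t n, size_t elem)
{
    size_t bytes;
    return __builtin_mul_overflow(n, elem, &bytes) ? SIZE_MAX : bytes;
}

/* Parse the guest-written string strictly as a decimal unsigned int. */
static int parse_queue_count(const char *val, unsigned int *out)
{
    char *end;
    unsigned long n;
    if (!val || *val < '0' || *val > '9')
        return -1;
    errno = 0;
    n = strtoul(val, &end, 10);
    if (errno || *end != '\0' || n > UINT_MAX)
        return -1;
    *out = (unsigned int)n;
    return 0;
}

/* hardened == 0: upper bound only; hardened == 1: also reject zero. */
enum outcome model_connect(const char *val, unsigned int max_queues, int hardened)
{
    unsigned int requested;
    if (parse_queue_count(val, &requested) || requested > max_queues)
        return QUEUES_REJECTED;
    if (hardened && requested == 0)
        return QUEUES_REJECTED;
    /* A zero-byte request is what the allocator warns about. */
    if (model_array_size(requested, sizeof(struct model_queue)) == 0)
        return ZERO_SIZE_ALLOC;
    return QUEUES_OK;
}

int main(void)
{
    printf("flawed=%d hardened=%d\n", model_connect("0", 8, 0), model_connect("0", 8, 1));
    return 0;
}
```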

Database specific
{
    "cna_assigner": "Linux",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45890.json"
}

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
8d3d53b3e43363e79ab9a9ecc149b06c1314b25d
Fixed
2993e0f904c45f8af12917344bb1cac7ccd05a60
Fixed
787bfa423228c4b02ba3368128f625d579085353
Fixed
ce66d6786de45b7ed9cbbdc0988054bf09e58f54
Fixed
88b0fced1bbbfdb356a007592604008ffc93a6a1
Fixed
ec4859ac5c933e3315543a61adc1ca4358006a41
Fixed
654780dee9eae419e1648ea58462c4efe54518fa
Fixed
d99f69ddc70fd9f4b8148add62209a1a8eb5c615
Fixed
6d1dc8014334c7fb25719999bca84d811e60a559

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45890.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type: ECOSYSTEM

Introduced   Fixed
3.16.0       5.10.252
5.11.0       5.15.202
5.16.0       6.1.165
6.2.0        6.6.128
6.7.0        6.12.75
6.13.0       6.18.14
6.19.0       6.19.4

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-45890.json"