On Wed, Jan 14, 2026 at 4:34 PM Maxime Coquelin <[email protected]> wrote: > > This series contains 3 fixes for issues spotted by Claude Code. > > The first one is to avoid out-of-bound accesses in virtqueues array > in the case we have the maximum supported queue pairs and control queue. > > Second one is a security issue that could result in theory in a denial > of service, but a CVE was not created because the control queue support > cannot currently be negotiated with the Kernel VDUSE driver. > > Last patch is fixing mmap error handling in the VDUSE IOTLB miss handler. > > Maxime Coquelin (3): > vhost: fix virtqueue array size for control queue > vhost: fix descriptor chain bounds check in control queue > vhost: fix mmap error check in VDUSE IOTLB miss handler > > Changes in v2: > ============== > - use post-increment for readability and consistency. > > lib/vhost/vduse.c | 5 +++-- > lib/vhost/vhost.h | 5 +++-- > lib/vhost/virtio_net_ctrl.c | 22 ++++++++++++++++++++-- > 3 files changed, 26 insertions(+), 6 deletions(-) > > -- > 2.52.0 >
Applied to next-virtio/for-next-net. Thanks, Maxime
