CVE-2026-45890

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> xen-netback: reject zero-queue configuration from guest<br /> <br /> A malicious or buggy Xen guest can write "0" to the xenbus key<br /> "multi-queue-num-queues". The connect() function in the backend only<br /> validates the upper bound (requested_num_queues &gt; xenvif_max_queues)<br /> but not zero, allowing requested_num_queues=0 to reach<br /> vzalloc(array_size(0, sizeof(struct xenvif_queue))), which triggers<br /> WARN_ON_ONCE(!size) in __vmalloc_node_range().<br /> <br /> On systems with panic_on_warn=1, this allows a guest-to-host denial<br /> of service.<br /> <br /> The Xen network interface specification requires<br /> the queue count to be "greater than zero".<br /> <br /> Add a zero check to match the validation already present<br /> in xen-blkback, which has included this<br /> guard since its multi-queue support was added.