In the Linux kernel, the following vulnerability has been resolved:
iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()
Local sashiko review pointed it out that group->domain could be NULL when
a default domain fails to allocate during the first probe, which can crash
at domain->ops->attach_dev dereference in __iommu_attach_device() invoked
by pci_dev_reset_iommu_done().
pci_dev_reset_iommu_prepare() is fine as an old_domain pointer can be NULL.
Skip the re-attach in pci_dev_reset_iommu_done() to fix the bug.
References
Configurations
Configuration 1 (hide)
|
History
08 Jul 2026, 03:58
| Type | Values Removed | Values Added |
|---|---|---|
| CWE | CWE-476 | |
| References | () https://git.kernel.org/stable/c/17194cd0dd236e732d116d50840d795ca50ef196 - Patch | |
| References | () https://git.kernel.org/stable/c/d769711fcddd005f1e654b3bde547140917fe696 - Patch | |
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
| CPE | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc2:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc1:*:*:*:*:*:* cpe:2.3:o:linux:linux_kernel:7.1:rc3:*:*:*:*:*:* |
|
| First Time |
Linux linux Kernel
Linux |
26 Jun 2026, 20:17
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-06-26 20:17
Updated : 2026-07-08 03:58
NVD link : CVE-2026-53280
Mitre link : CVE-2026-53280
CVE.ORG link : CVE-2026-53280
JSON object : View
Products Affected
linux
- linux_kernel
CWE
CWE-476
NULL Pointer Dereference
