CVE-2026-53322

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfio_pci_core_close_device() call vfio_pci_dma_buf_cleanup() before the function is disabled via vfio_pci_core_disable(). This ensures that all access via DMABUFs is revoked before the function's BARs become inaccessible. This fixes an issue where, if the function is disabled first, a tiny window exists in which the function's MSE is cleared and yet BARs could still be accessed via the DMABUF. The resources would also be freed and up for grabs by a different driver.
Configurations

No configuration.

History

30 Jun 2026, 03:20

Type Values Removed Values Added
References
  • () https://access.redhat.com/security/cve/CVE-2026-53322 -
  • () https://bugzilla.redhat.com/show_bug.cgi?id=2493709 -
  • () https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53322.json -
CWE CWE-826

28 Jun 2026, 08:16

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 8.8

26 Jun 2026, 20:17

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-26 20:17

Updated : 2026-06-30 14:44


NVD link : CVE-2026-53322

Mitre link : CVE-2026-53322

CVE.ORG link : CVE-2026-53322


JSON object : View

Products Affected

No product.

CWE
CWE-826

Premature Release of Resource During Expected Lifetime