CVE-2026-31735

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommupt: Fix short gather if the unmap goes into a large mapping<br /> <br /> unmap has the odd behavior that it can unmap more than requested if the<br /> ending point lands within the middle of a large or contiguous IOPTE.<br /> <br /> In this case the gather should flush everything unmapped which can be<br /> larger than what was requested to be unmapped. The gather was only<br /> flushing the range requested to be unmapped, not extending to the extra<br /> range, resulting in a short invalidation if the caller hits this special<br /> condition.<br /> <br /> This was found by the new invalidation/gather test I am adding in<br /> preparation for ARMv8. Claude deduced the root cause.<br /> <br /> As far as I remember nothing relies on unmapping a large entry, so this is<br /> likely not a triggerable bug.