CVE-2026-53280
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/06/2026
Last modified:
30/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()<br />
<br />
Local sashiko review pointed it out that group->domain could be NULL when<br />
a default domain fails to allocate during the first probe, which can crash<br />
at domain->ops->attach_dev dereference in __iommu_attach_device() invoked<br />
by pci_dev_reset_iommu_done().<br />
<br />
pci_dev_reset_iommu_prepare() is fine as an old_domain pointer can be NULL.<br />
<br />
Skip the re-attach in pci_dev_reset_iommu_done() to fix the bug.



