CVE-2026-53280

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/06/2026
Last modified:
30/06/2026

Description

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> iommu: Fix NULL group-&gt;domain dereference in pci_dev_reset_iommu_done()<br /> <br /> Local sashiko review pointed it out that group-&gt;domain could be NULL when<br /> a default domain fails to allocate during the first probe, which can crash<br /> at domain-&gt;ops-&gt;attach_dev dereference in __iommu_attach_device() invoked<br /> by pci_dev_reset_iommu_done().<br /> <br /> pci_dev_reset_iommu_prepare() is fine as an old_domain pointer can be NULL.<br /> <br /> Skip the re-attach in pci_dev_reset_iommu_done() to fix the bug.

Impact