CVE-2026-53322
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 26/06/2026
Last modified: 30/06/2026
Description
In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: Clean up DMABUFs before disabling function

On device shutdown, make vfio_pci_core_close_device() call
vfio_pci_dma_buf_cleanup() before the function is disabled via
vfio_pci_core_disable(). This ensures that all access via DMABUFs is
revoked before the function's BARs become inaccessible.

This fixes an issue where, if the function is disabled first, a tiny
window exists in which the function's MSE is cleared and yet BARs
could still be accessed via the DMABUF. The resources would also be
freed and up for grabs by a different driver.
Impact
Base Score 3.x: 8.80
Severity 3.x: HIGH
References to Advisories, Solutions, and Tools
- https://git.kernel.org/stable/c/4f1000a30f67cf7d328059242776a858611d5ef9
- https://git.kernel.org/stable/c/d97708701434ce72968e771976aaf9d3438fcafd
- https://access.redhat.com/security/cve/CVE-2026-53322
- https://bugzilla.redhat.com/show_bug.cgi?id=2493709
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53322.json



