CVE-2026-53322
Gravedad CVSS v3.1:
ALTA
Tipo:
No Disponible / Otro tipo
Fecha de publicación:
26/06/2026
Última modificación:
30/06/2026
Descripción
*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br />
<br />
vfio/pci: Clean up DMABUFs before disabling function<br />
<br />
On device shutdown, make vfio_pci_core_close_device() call<br />
vfio_pci_dma_buf_cleanup() before the function is disabled via<br />
vfio_pci_core_disable(). This ensures that all access via DMABUFs is<br />
revoked before the function&#39;s BARs become inaccessible.<br />
<br />
This fixes an issue where, if the function is disabled first, a tiny<br />
window exists in which the function&#39;s MSE is cleared and yet BARs<br />
could still be accessed via the DMABUF. The resources would also be<br />
freed and up for grabs by a different driver.
Impacto
Puntuación base 3.x
8.80
Gravedad 3.x
ALTA
Referencias a soluciones, herramientas e información
- https://git.kernel.org/stable/c/4f1000a30f67cf7d328059242776a858611d5ef9
- https://git.kernel.org/stable/c/d97708701434ce72968e771976aaf9d3438fcafd
- https://access.redhat.com/security/cve/CVE-2026-53322
- https://bugzilla.redhat.com/show_bug.cgi?id=2493709
- https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-53322.json



