Null Pointer Dereference Vulnerability in Linux Kernel IOMMU Component
CVE-2026-53281
What is CVE-2026-53281?
A vulnerability in the Linux kernel's IOMMU subsystem could lead to system instability and security risks due to improper handling of device PASID references. When a device's PASID is not present in the dev_pasids list, a NULL reference may occur during teardown operations. This could trigger a NULL pointer dereference or result in refcount corruption, ultimately posing threats such as use-after-free conditions for devices still attached to the domain. Early termination of these operations upon detecting a NULL reference is essential to prevent potential exploits.
Affected Version(s)
Linux 60f030f7418d3f1d94f2fb207fe3080e1844630b < 9022cb9ac0c2a72a57fa8ebf92ac74f953ca0153
Linux 60f030f7418d3f1d94f2fb207fe3080e1844630b
Linux 60f030f7418d3f1d94f2fb207fe3080e1844630b < 79ea2feb917b05366b49d85573c9c5331f043b2c