Null Pointer Dereference Vulnerability in Linux Kernel IOMMU Component
CVE-2026-53281

8.8HIGH

Key Information:

Vendor

Linux

Status
Vendor
CVE Published:
26 June 2026

What is CVE-2026-53281?

A vulnerability in the Linux kernel's IOMMU subsystem could lead to system instability and security risks due to improper handling of device PASID references. When a device's PASID is not present in the dev_pasids list, a NULL reference may occur during teardown operations. This could trigger a NULL pointer dereference or result in refcount corruption, ultimately posing threats such as use-after-free conditions for devices still attached to the domain. Early termination of these operations upon detecting a NULL reference is essential to prevent potential exploits.

Affected Version(s)

Linux 60f030f7418d3f1d94f2fb207fe3080e1844630b < 9022cb9ac0c2a72a57fa8ebf92ac74f953ca0153

Linux 60f030f7418d3f1d94f2fb207fe3080e1844630b

Linux 60f030f7418d3f1d94f2fb207fe3080e1844630b < 79ea2feb917b05366b49d85573c9c5331f043b2c

References

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.