Vulnerability in Linux Kernel Affecting VFIO PCI Functionality
CVE-2026-53322

Currently unrated

Key Information:

Vendor: Linux

CVE Published: 26 June 2026

What is CVE-2026-53322?

A vulnerability in the Linux kernel's VFIO PCI subsystem affects the device shutdown path. When a device is shut down, the code responsible for disabling it does not clean up DMABUFs before the PCI function is disabled. This leaves a brief window in which the function's Memory Space Enable (MSE) bit has been cleared but its Base Address Registers (BARs) may still be accessible through DMABUFs. During that window the function's resources can also be freed and claimed by a different driver while the DMABUF access path is still open, which can lead to unintended behavior or security issues.

Affected Version(s)

Linux 5d74781ebc86c5fa9e9d6934024c505412de9b52 < 4f1000a30f67cf7d328059242776a858611d5ef9

Linux 5d74781ebc86c5fa9e9d6934024c505412de9b52

Linux 6.19
