CVE-2026-53133
Analyzed Analyzed - Analysis Complete

RDMA/umem DMA Address Truncation in Linux Kernel

Vulnerability report for CVE-2026-53133, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-07-07

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix truncation for block sizes >= 4G When the iommu is used the linearization of the mapping can give a single block that is very large split across multiple SG entries. When __rdma_block_iter_next() reassembles the split SG entries it is overflowing the 32 bit stack values and computed the wrong DMA addresses for blocks after the truncation. Use the right types to hold DMA addresses.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-07-07
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 14 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 5.16 (inc) to 6.1.176 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.143 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.210 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.36 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.94 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.13 (exc)
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 5.2 (inc) to 5.10.259 (exc)
linux linux_kernel 7.1

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-681 When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's RDMA/umem subsystem. It involves an issue with handling large block sizes (greater than or equal to 4GB) when the IOMMU is used. Specifically, the linearization of the memory mapping can produce a single large block that is split across multiple scatter-gather (SG) entries. The function __rdma_block_iter_next() that reassembles these split SG entries overflows 32-bit stack values, causing incorrect computation of DMA addresses for blocks after the truncation. The fix involves using the correct data types to hold DMA addresses to prevent this overflow.

Impact Analysis

This vulnerability can lead to incorrect DMA address calculations when handling large memory blocks in RDMA operations. Such incorrect address computations may cause data corruption, system instability, or unexpected behavior in systems relying on RDMA with IOMMU enabled. This could impact the reliability and integrity of data transfers in affected Linux kernel environments.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53133. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart