CVE-2026-53217
Analyzed Analyzed - Analysis Complete

Linux Kernel Memory Corruption in mvpp2 Driver

Vulnerability report for CVE-2026-53217, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-07-02

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: sync RX data at the hardware packet offset mvpp2 programs the RX queue packet offset, so hardware writes received data at dma_addr + MVPP2_SKB_HEADROOM. The current CPU sync starts at dma_addr and only covers rx_bytes + MVPP2_MH_SIZE bytes, which syncs the unused headroom and misses the same number of bytes at the packet tail. On non-coherent DMA systems this can leave the CPU reading stale cache contents for the end of the received frame. Use dma_sync_single_range_for_cpu() with MVPP2_SKB_HEADROOM as the range offset so the sync covers the Marvell header and packet data actually written by hardware.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-07-02
Generated
2026-07-15
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 14 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 5.16 (inc) to 6.1.176 (exc)
linux linux_kernel From 6.2 (inc) to 6.6.143 (exc)
linux linux_kernel From 5.11 (inc) to 5.15.210 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.36 (exc)
linux linux_kernel From 6.7 (inc) to 6.12.94 (exc)
linux linux_kernel From 6.19 (inc) to 7.0.13 (exc)
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 5.5 (inc) to 5.10.259 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's mvpp2 network driver. The issue arises because the driver programs the RX queue packet offset so that hardware writes received data at a specific memory address offset (dma_addr + MVPP2_SKB_HEADROOM). However, the CPU synchronization currently starts at dma_addr and only covers a certain number of bytes, which results in syncing unused headroom but missing the actual packet tail data.

On systems with non-coherent DMA, this causes the CPU to potentially read stale cache data for the end of the received network frame, leading to incorrect or outdated data being processed.

The fix involves using dma_sync_single_range_for_cpu() with the correct offset (MVPP2_SKB_HEADROOM) to ensure the synchronization covers the entire packet data and header actually written by the hardware.

Impact Analysis

This vulnerability can cause the CPU to read stale or outdated data from the network packet's tail on non-coherent DMA systems. This means that the data processed by the system may be incorrect or incomplete, potentially leading to network communication errors, data corruption, or unexpected behavior in applications relying on accurate network data.

Mitigation Strategies

The vulnerability is related to improper synchronization of RX data in the mvpp2 driver on non-coherent DMA systems, which can cause the CPU to read stale cache contents.

To mitigate this vulnerability, ensure that the Linux kernel version you are using includes the fix that uses dma_sync_single_range_for_cpu() with MVPP2_SKB_HEADROOM as the range offset. This change properly synchronizes the Marvell header and packet data written by hardware.

Therefore, the immediate step is to update your Linux kernel to a version that contains this fix.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53217. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart