CVE-2026-53280
Analyzed Analyzed - Analysis Complete

NULL Domain Dereference in Linux Kernel IOMMU

Vulnerability report for CVE-2026-53280, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-26

Last updated on: 2026-07-08

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done() Local sashiko review pointed it out that group->domain could be NULL when a default domain fails to allocate during the first probe, which can crash at domain->ops->attach_dev dereference in __iommu_attach_device() invoked by pci_dev_reset_iommu_done(). pci_dev_reset_iommu_prepare() is fine as an old_domain pointer can be NULL. Skip the re-attach in pci_dev_reset_iommu_done() to fix the bug.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-26
Last Modified
2026-07-08
Generated
2026-07-17
AI Q&A
2026-06-26
EPSS Evaluated
2026-07-15
NVD
EUVD

Affected Vendors & Products

Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel 7.1
linux linux_kernel From 7.0 (inc) to 7.0.10 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-476 The product dereferences a pointer that it expects to be valid but is NULL.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability exists in the Linux kernel's IOMMU subsystem. Specifically, it involves a NULL pointer dereference issue in the function pci_dev_reset_iommu_done().

The problem occurs because the group->domain pointer can be NULL if a default domain fails to allocate during the first probe. When this happens, the kernel attempts to dereference domain->ops->attach_dev in the __iommu_attach_device() function, which leads to a crash.

The fix involves skipping the re-attachment step in pci_dev_reset_iommu_done() when the domain pointer is NULL, preventing the crash.

Impact Analysis

This vulnerability can cause the Linux kernel to crash due to a NULL pointer dereference in the IOMMU reset process. Such a crash can lead to system instability or denial of service.

Mitigation Strategies

The vulnerability is fixed by skipping the re-attach in pci_dev_reset_iommu_done() to avoid NULL pointer dereference. Therefore, the immediate step to mitigate this vulnerability is to update the Linux kernel to a version that includes this fix.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53280. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart