CVE-2026-53322
Received - Intake
Memory Leak in Linux Kernel VFIO PCI Driver

Publication date: 2026-06-26

Last updated on: 2026-06-26

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: Clean up DMABUFs before disabling function

On device shutdown, make vfio_pci_core_close_device() call vfio_pci_dma_buf_cleanup() before the function is disabled via vfio_pci_core_disable(). This ensures that all access via DMABUFs is revoked before the function's BARs become inaccessible.

This fixes an issue where, if the function is disabled first, a tiny window exists in which the function's MSE is cleared and yet BARs could still be accessed via the DMABUF. The resources would also be freed and up for grabs by a different driver.

Meta Information
Published: 2026-06-26
Last Modified: 2026-06-26
Generated: 2026-06-27
AI Q&A: 2026-06-26
EPSS Evaluated: N/A

Affected Vendors & Products
Showing 1 associated CPE
Vendor: linux
Product: linux_kernel
Version / Range: *

CWE ID: CWE-UNKNOWN

Executive Summary

This vulnerability is in the Linux kernel's vfio/pci component. During device shutdown, DMABUFs (Direct Memory Access buffers) were not cleaned up before the device function was disabled.

Specifically, vfio_pci_core_close_device() should call vfio_pci_dma_buf_cleanup() before the device function is disabled via vfio_pci_core_disable(). When the function is disabled first, there is a small window in which the device's Memory Space Enable (MSE) bit is cleared but the device's Base Address Registers (BARs) can still be accessed through DMABUFs.

This means that resources could still be accessed or manipulated even though the function is supposed to be disabled, and those resources could be freed and potentially taken over by a different driver.

Impact Analysis

This vulnerability can lead to unauthorized access to device memory regions after the device function is supposed to be disabled.

Because the device's BARs remain accessible via DMABUFs during a small window, an attacker or malicious driver could potentially access or manipulate these resources, leading to data corruption, information leakage, or interference with device operation.

Additionally, since the resources could be freed and reassigned to a different driver, this could cause conflicts or security issues in the system.

Mitigation Strategies

The vulnerability is fixed by ensuring that the Linux kernel calls vfio_pci_dma_buf_cleanup() before disabling the function via vfio_pci_core_disable() during device shutdown.

To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.
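
The ordering described above can be checked as an invariant: no DMABUF export may still be live once the function is disabled. The following is an added example, not code from the kernel or from this page; it is a userspace model, and every struct, field and function name in it is hypothetical.

```c
/* Userspace model of the shutdown ordering; not kernel code.
 * Every name below is hypothetical and exists only for this example. */
#include <stdbool.h>
#include <stdio.h>
#define MAX_EXPORTS 4

struct model_dev {
    bool mse;                      /* Memory Space Enable: BARs decode when set */
    bool bars_owned;               /* BAR resources still held by this driver */
    bool export_live[MAX_EXPORTS]; /* DMABUF exports that still grant BAR access */
    int  stale_windows;            /* steps where an export outlived the function */
};

/* Invariant the fix enforces: no live export once the function is disabled. */
static void check_invariant(struct model_dev *d)
{
    bool enabled = d->mse && d->bars_owned;
    for (int i = 0; i < MAX_EXPORTS; i++)
        if (d->export_live[i] && !enabled) { d->stale_windows++; return; }
}

static void model_dma_buf_cleanup(struct model_dev *d)
{
    for (int i = 0; i < MAX_EXPORTS; i++)
        d->export_live[i] = false; /* revoke every outstanding export */
    check_invariant(d);
}

static void model_disable(struct model_dev *d)
{
    d->mse = false;                /* function stops decoding memory */
    d->bars_owned = false;         /* resources freed, reusable by another driver */
    check_invariant(d);
}

/* cleanup_first = true models the fixed order, false the original order. */
static int close_device(bool cleanup_first)
{
    struct model_dev d = { .mse = true, .bars_owned = true,
                           .export_live = { true, true } }; /* constructed state */
    if (cleanup_first) { model_dma_buf_cleanup(&d); model_disable(&d); }
    else               { model_disable(&d); model_dma_buf_cleanup(&d); }
    return d.stale_windows;
}

int main(void)
{
    printf("disable first: %d, cleanup first: %d\n", close_device(false), close_device(true));
    return 0;
}
```

The model counts one stale-access step when the function is disabled before the exports are revoked, and none when the cleanup runs first.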
