CVE-2026-53372
Received Received - Intake

Dirty Page Tracking Bypass in Linux Kernel IOMMU

Vulnerability report for CVE-2026-53372, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-19

Last updated on: 2026-07-19

Assigner: kernel.org

Description

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Block PASID attachment to nested domain with dirty tracking Kernel lacks dirty tracking support on nested domain attached to PASID, fails the attachment early if nesting parent domain is dirty tracking configured, otherwise dirty pages would be lost.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-19
Last Modified
2026-07-19
Generated
2026-07-19
AI Q&A
2026-07-19
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
linux linux_kernel *

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability in the Linux kernel involves a flaw in the Input-Output Memory Management Unit (IOMMU) subsystem, specifically with Intel's Virtualization Technology for Directed I/O (VT-d). The issue occurs when a PASID (Process Address Space ID) is attached to a nested domain that supports dirty tracking. The kernel fails to block this attachment properly, which could lead to loss of dirty page tracking in nested domains.

Detection Guidance

This vulnerability is specific to the Linux kernel's IOMMU subsystem and requires kernel-level inspection. Detection involves checking kernel logs for IOMMU-related errors or verifying if nested PASID domains are improperly configured. Commands like dmesg | grep -i iommu or journalctl -k | grep -i pasid may help identify related errors.

Impact Analysis

If exploited, this vulnerability could allow an attacker to bypass memory isolation mechanisms, potentially leading to unauthorized access to sensitive data or privilege escalation. Systems using VT-d with nested virtualization and dirty tracking enabled are at risk of memory corruption or data loss.

Compliance Impact

This vulnerability does not directly affect compliance with GDPR, HIPAA, or similar standards as it pertains to a low-level kernel memory management issue without clear implications for data protection or privacy regulations.

Mitigation Strategies

Update the Linux kernel to a patched version that resolves this vulnerability. Check your distribution's security advisories for the latest kernel updates addressing CVE-2026-53372.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-53372. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart