CVE Catalog

CVE-2026-53322

HighCVSS 8.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.18%

8th percentile — higher than 8% of all known CVEs

Summary

In the Linux kernel, a vulnerability was found in the vfio/pci driver where during device shutdown, vfio_pci_core_close_device() did not clean up DMABUFs before disabling the PCI function. This created a small time window where after clearing the MSE (Memory Space Enable) bit, BARs could still be accessed via DMABUF, and resources could be taken over by another driver.

Risk Assessment

The organization is at risk of potential data leakage or system integrity compromise, as in a short time window after the PCI function is disabled, unauthorized access to BAR memory via DMABUF may continue, and freed resources could be reused by another driver.

Recommendation

Immediately update the Linux kernel to a version containing the fix that ensures vfio_pci_dma_buf_cleanup() is called before vfio_pci_core_disable() in vfio_pci_core_close_device().

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfio_pci_core_close_device() call vfio_pci_dma_buf_cleanup() before the function is disabled via vfio_pci_core_disable(). This ensures that all access via DMABUFs is revoked before the function's BARs become inaccessible. This fixes an issue where, if the function is disabled first, a tiny window exists in which the function's MSE is cleared and yet BARs could still be accessed via the DMABUF. The resources would also be freed and up for grabs by a different driver.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS