CVE-2026-53053 (GCVE-0-2026-53053)

Vulnerability from cvelistv5 – Published: 2026-06-24 16:29 – Updated: 2026-06-28 06:38
VLAI
Title
iommu/amd: Fix clone_alias() to use the original device's devid
Summary
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix clone_alias() to use the original device's devid Currently clone_alias() assumes first argument (pdev) is always the original device pointer. This function is called by pci_for_each_dma_alias() which based on topology decides to send original or alias device details in first argument. This meant that the source devid used to look up and copy the DTE may be incorrect, leading to wrong or stale DTE entries being propagated to alias device. Fix this by passing the original pdev as the opaque data argument to both the direct clone_alias() call and pci_for_each_dma_alias(). Inside clone_alias(), retrieve the original device from data and compute devid from it.
Assigner
Impacted products
Vendor Product Version
Linux Linux Affected: 3332364e4ebc0581d133a334645a20fd13b580f1 , < dbd76a537d8cb814e7f5b795ab21ecb7949c821d (git)
Affected: 3332364e4ebc0581d133a334645a20fd13b580f1 , < 20b3c566e2702e5d4d0545be8a97029a2eebcc0e (git)
Affected: 3332364e4ebc0581d133a334645a20fd13b580f1 , < dae251ff11d2d2208a029f98923756831cefec46 (git)
Affected: 3332364e4ebc0581d133a334645a20fd13b580f1 , < faad224fe0f0857a04ff2eb3c90f0de57f47d0f3 (git)
Affected: 1f03a258f20f1699ede29bb40804074db9398a0d (git)
Affected: 5.4.17 , < 5.5 (semver)
Create a notification for this product.
Linux Linux Affected: 5.5
Unaffected: 0 , < 5.5 (semver)
Unaffected: 6.12.91 , ≤ 6.12.* (semver)
Unaffected: 6.18.33 , ≤ 6.18.* (semver)
Unaffected: 7.0.10 , ≤ 7.0.* (semver)
Unaffected: 7.1 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/amd/iommu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "dbd76a537d8cb814e7f5b795ab21ecb7949c821d",
              "status": "affected",
              "version": "3332364e4ebc0581d133a334645a20fd13b580f1",
              "versionType": "git"
            },
            {
              "lessThan": "20b3c566e2702e5d4d0545be8a97029a2eebcc0e",
              "status": "affected",
              "version": "3332364e4ebc0581d133a334645a20fd13b580f1",
              "versionType": "git"
            },
            {
              "lessThan": "dae251ff11d2d2208a029f98923756831cefec46",
              "status": "affected",
              "version": "3332364e4ebc0581d133a334645a20fd13b580f1",
              "versionType": "git"
            },
            {
              "lessThan": "faad224fe0f0857a04ff2eb3c90f0de57f47d0f3",
              "status": "affected",
              "version": "3332364e4ebc0581d133a334645a20fd13b580f1",
              "versionType": "git"
            },
            {
              "status": "affected",
              "version": "1f03a258f20f1699ede29bb40804074db9398a0d",
              "versionType": "git"
            },
            {
              "lessThan": "5.5",
              "status": "affected",
              "version": "5.4.17",
              "versionType": "semver"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/amd/iommu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "5.5"
            },
            {
              "lessThan": "5.5",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.91",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.18.*",
              "status": "unaffected",
              "version": "6.18.33",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "7.0.*",
              "status": "unaffected",
              "version": "7.0.10",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "7.1",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.91",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.18.33",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.0.10",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "7.1",
                  "versionStartIncluding": "5.5",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionStartIncluding": "5.4.17",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Fix clone_alias() to use the original device\u0027s devid\n\nCurrently clone_alias() assumes first argument (pdev) is always the\noriginal device pointer. This function is called by\npci_for_each_dma_alias() which based on topology decides to send\noriginal or alias device details in first argument.\n\nThis meant that the source devid used to look up and copy the DTE\nmay be incorrect, leading to wrong or stale DTE entries being\npropagated to alias device.\n\nFix this by passing the original pdev as the opaque data argument to\nboth the direct clone_alias() call and pci_for_each_dma_alias(). Inside\nclone_alias(), retrieve the original device from data and compute devid\nfrom it."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-28T06:38:38.631Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/dbd76a537d8cb814e7f5b795ab21ecb7949c821d"
        },
        {
          "url": "https://git.kernel.org/stable/c/20b3c566e2702e5d4d0545be8a97029a2eebcc0e"
        },
        {
          "url": "https://git.kernel.org/stable/c/dae251ff11d2d2208a029f98923756831cefec46"
        },
        {
          "url": "https://git.kernel.org/stable/c/faad224fe0f0857a04ff2eb3c90f0de57f47d0f3"
        }
      ],
      "title": "iommu/amd: Fix clone_alias() to use the original device\u0027s devid",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2026-53053",
    "datePublished": "2026-06-24T16:29:59.093Z",
    "dateReserved": "2026-06-09T07:44:35.381Z",
    "dateUpdated": "2026-06-28T06:38:38.631Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2026-53053",
      "date": "2026-07-02",
      "epss": "0.00128",
      "percentile": "0.02852"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2026-53053\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-06-24T17:17:17.327\",\"lastModified\":\"2026-06-28T08:16:31.593\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\niommu/amd: Fix clone_alias() to use the original device\u0027s devid\\n\\nCurrently clone_alias() assumes first argument (pdev) is always the\\noriginal device pointer. This function is called by\\npci_for_each_dma_alias() which based on topology decides to send\\noriginal or alias device details in first argument.\\n\\nThis meant that the source devid used to look up and copy the DTE\\nmay be incorrect, leading to wrong or stale DTE entries being\\npropagated to alias device.\\n\\nFix this by passing the original pdev as the opaque data argument to\\nboth the direct clone_alias() call and pci_for_each_dma_alias(). Inside\\nclone_alias(), retrieve the original device from data and compute devid\\nfrom it.\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"drivers/iommu/amd/iommu.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"3332364e4ebc0581d133a334645a20fd13b580f1\",\"lessThan\":\"dbd76a537d8cb814e7f5b795ab21ecb7949c821d\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"3332364e4ebc0581d133a334645a20fd13b580f1\",\"lessThan\":\"20b3c566e2702e5d4d0545be8a97029a2eebcc0e\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"3332364e4ebc0581d133a334645a20fd13b580f1\",\"lessThan\":\"dae251ff11d2d2208a029f98923756831cefec46\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"3332364e4ebc0581d133a334645a20fd13b580f1\",\"lessThan\":\"faad224fe0f0857a04ff2eb3c90f0de57f47d0f3\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"1f03a258f20f1699ede29bb40804074db9398a0d\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"5.4.17\",\"lessThan\":\"5.5\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"drivers/iommu/amd/iommu.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"5.5\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"5.5\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.91\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.18.33\",\"lessThanOrEqual\":\"6.18.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.0.10\",\"lessThanOrEqual\":\"7.0.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"7.1\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}]},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/20b3c566e2702e5d4d0545be8a97029a2eebcc0e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dae251ff11d2d2208a029f98923756831cefec46\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/dbd76a537d8cb814e7f5b795ab21ecb7949c821d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/faad224fe0f0857a04ff2eb3c90f0de57f47d0f3\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Loading…

Detection rules are retrieved from Rulezet.

Loading…

Loading…