CVE-2026-53188 PUBLISHED

RDMA/core: Validate the passed in fops for ib_get_ucaps()

Assigner: Linux
Reserved: 09.06.2026 Published: 25.06.2026 Updated: 25.06.2026

In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: Validate the passed in fops for ib_get_ucaps()

Sashiko pointed out it is not safe to rely only on the devt because char/block alias, so if the user finds a block device with the same dev_t, it can masquerade as a ucap cdev fd.

Test the f_ops to only accept authentic cdevs.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 61e51682816d395307f78ae06d640089054c28ab to 96b6e98ff12d50ed5817230c6f1188e1150d225d (excl.)
  • affected from 61e51682816d395307f78ae06d640089054c28ab to aa181287ebdcc53ee0ba5c2f8243e2d541ebc19b (excl.)
  • affected from 61e51682816d395307f78ae06d640089054c28ab to 4a1b1ac2744694a2ecd66a84bdb1445f4ef24bee (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • Version 6.15 is affected
  • unaffected from 0 to 6.15 (excl.)
  • unaffected from 6.18.36 to 6.18.* (incl.)
  • unaffected from 7.0.13 to 7.0.* (incl.)
  • unaffected from 7.1 to * (incl.)
