CVE-2026-53280

iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()

Assigner: Linux
Reserved: 09.06.2026 Published: 26.06.2026 Updated: 26.06.2026

In the Linux kernel, the following vulnerability has been resolved:

iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()

Local sashiko review pointed it out that group->domain could be NULL when a default domain fails to allocate during the first probe, which can crash at domain->ops->attach_dev dereference in __iommu_attach_device() invoked by pci_dev_reset_iommu_done().

pci_dev_reset_iommu_prepare() is fine as an old_domain pointer can be NULL.

Skip the re-attach in pci_dev_reset_iommu_done() to fix the bug.

Product Status

Vendor	Linux
Product	Linux
Versions	Default: unaffected affected from c279e83953d937470f8a6e69b69f62608714f13f to 17194cd0dd236e732d116d50840d795ca50ef196 (excl.) affected from c279e83953d937470f8a6e69b69f62608714f13f to d769711fcddd005f1e654b3bde547140917fe696 (excl.)

Vendor

Linux

Product

Linux

Versions

Default: unaffected

affected from c279e83953d937470f8a6e69b69f62608714f13f to 17194cd0dd236e732d116d50840d795ca50ef196 (excl.)
affected from c279e83953d937470f8a6e69b69f62608714f13f to d769711fcddd005f1e654b3bde547140917fe696 (excl.)

Vendor	Linux
Product	Linux
Versions	Default: affected Version 7.0 is affected unaffected from 0 to 7.0 (excl.) unaffected from 7.0.10 to 7.0.* (incl.) unaffected from 7.1 to * (incl.)

Vendor

Linux

Product

Linux

Versions

Default: affected

Version 7.0 is affected
unaffected from 0 to 7.0 (excl.)
unaffected from 7.0.10 to 7.0.* (incl.)
unaffected from 7.1 to * (incl.)

References

CVE-2026-53280 PUBLISHED

iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()

Product Status

References