CVE-2026-53187

In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: Validate cpu id against nr cpu ids in DMAH alloc

The cpu id attribute supplied by user space through UVERBS ATTR ALLOC DMAH CPU ID is passed directly to cpumask test cpu() without first verifying that the value is within the valid CPU range.

Passing such untrusted data to cpumask test cpu() may lead to an out-of-bounds read of the underlying cpumask bitmap: the helper expands to a test bit() that indexes the bitmap by cpu id / BITS PER LONG with no bound check.

In addition, on kernels built with CONFIG DEBUG PER CPU MAPS it trips the WARN ON ONCE() in cpumask check(); combined with panic on warn this turns a bad user input into a machine reboot.

Reject any cpu id that is not smaller than nr cpu ids with -EINVAL before it is used.

Reported by Smatch.