PT-2026-51847 · Linux · Linux
Published
2026-06-24
·
Updated
2026-06-24
·
CVE-2026-52953
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
In the Linux kernel, the following vulnerability has been resolved:
iommu/vt-d: Fix oops due to out of scope access
Below oops triggers when kill QEMU process:
Oops: general protection fault, probably for non-canonical address 0x7fffffff844eaaa7: 0000 [#1] SMP NOPTI
Call Trace:
do raw spin lock+0xaa/0xc0
raw spin lock irqsave+0x21/0x40
domain remove dev pasid+0x52/0x160
intel nested set dev pasid+0x1b9/0x1e0
iommu set group pasid+0x56/0x120
pci dev reset iommu done+0xe3/0x180
pcie flr+0x65/0x160
pci reset function locked+0x5b/0x120
vfio pci core close device+0x63/0xe0 [vfio pci core]
vfio df close+0x4f/0xa0
vfio df unbind iommufd+0x2d/0x60
vfio device fops release+0x3e/0x40
fput+0xe5/0x2c0
task work run+0x58/0xa0
do exit+0x2c8/0x600
do group exit+0x2f/0xa0
get signal+0x863/0x8c0
arch do signal or restart+0x24/0x100
exit to user mode loop+0x87/0x380
do syscall 64+0x2ff/0x11e0
entry SYSCALL 64 after hwframe+0x76/0x7e
The global static blocked domain is a dummy domain without corresponding
dmar domain structure, accessing beyond iommu domain structure triggers
oops easily. Fix it by return early in domain remove dev pasid() like
identity domain.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Linux