Description
In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: Fix clone_alias() to use the original device's devid

Currently clone_alias() assumes first argument (pdev) is always the
original device pointer. This function is called by
pci_for_each_dma_alias() which based on topology decides to send
original or alias device details in first argument.

This meant that the source devid used to look up and copy the DTE
may be incorrect, leading to wrong or stale DTE entries being
propagated to alias device.

Fix this by passing the original pdev as the opaque data argument to
both the direct clone_alias() call and pci_for_each_dma_alias(). Inside
clone_alias(), retrieve the original device from data and compute devid
from it.
Published: 2026-06-24
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from the clone_alias() function in the Linux iommu/amd subsystem incorrectly assuming its first argument is always the original device pointer. When called through pci_for_each_dma_alias(), the function may receive an alias device pointer instead of the original. As a result, the device identifier used to copy the Device Table Entry (DTE) can be wrong, leading to stale or incorrect DTE entries being propagated to alias devices. Based on the description, it is inferred that a malicious driver or device could potentially misdirect device memory mappings, which could lead to privilege escalation or denial of service, although this effect is not explicitly documented in the CVE data.

Affected Systems

All Linux kernel versions that include the iommu/amd module are affected up until the commit that fixes clone_alias(). The fix is present in kernel releases after the commit identified by the patch URLs provided, so any distribution using a kernel older than those updates should be considered vulnerable. No specific vendor or distribution is singled out, but any system that loads the iommu/amd driver is potentially impacted.

Risk and Exploitability

The CVSS score is 8.8 and the EPSS score is < 1%, and the vulnerability is not listed in CISA KEV. The likelihood of exploitation is uncertain because the attack vector is not explicitly documented. Based on the description, the attack vector could be local where an attacker interacts with the kernel through controlling or injecting a device driver or hardware alias. This is an inference and may not be realized without further evidence. The risk level is moderate, but environments where kernel integrity and device isolation are critical should consider the potential impact.

Generated by OpenCVE AI on June 28, 2026 at 13:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that incorporates the commit fixing clone_alias() to correctly use the original device’s devid.
  • Ensure that the kernel update is applied to all nodes in the environment, including servers, embedded devices, and guests that use the iommu/amd module, after verifying the presence of the patch via commit hashes or changelog entries.
  • Monitor system logs for PCI-related warnings or errors after the update, and run kernel security hardening checks to confirm that device alias mappings are functioning correctly.

Generated by OpenCVE AI on June 28, 2026 at 13:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 11:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-347
CWE-704

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Sat, 27 Jun 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-694
References
Metrics threat_severity

None

cvssV3_1

{'score': 7.0, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H'}

threat_severity

Moderate


Wed, 24 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-347
CWE-704

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix clone_alias() to use the original device's devid Currently clone_alias() assumes first argument (pdev) is always the original device pointer. This function is called by pci_for_each_dma_alias() which based on topology decides to send original or alias device details in first argument. This meant that the source devid used to look up and copy the DTE may be incorrect, leading to wrong or stale DTE entries being propagated to alias device. Fix this by passing the original pdev as the opaque data argument to both the direct clone_alias() call and pci_for_each_dma_alias(). Inside clone_alias(), retrieve the original device from data and compute devid from it.
Title iommu/amd: Fix clone_alias() to use the original device's devid
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:38:38.631Z

Reserved: 2026-06-09T07:44:35.381Z

Link: CVE-2026-53053

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53053 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T13:15:16Z

Weaknesses
  • CWE-694

    Use of Multiple Resources with Duplicate Identifier