Description
In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: fix DMA address corruption due to find_vma misuse

fastrpc_get_args() uses find_vma() to look up the VMA for a user-provided
pointer and compute a DMA address offset. When the address falls in a gap
before the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows,
corrupting the DMA address sent to the DSP.

Replace find_vma() with vma_lookup(), which returns NULL when the address
is not contained within any VMA.
Published: 2026-06-25
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel fastrpc subsystem incorrectly used find_vma to locate a user-space pointer while computing a DMA address offset. If the pointer lay in the gap preceding the returned VMA, the calculation underflowed, producing a corrupted DMA address that was then communicated to the DSP. This flaw can cause the kernel to map memory incorrectly for DMA operations, potentially allowing data corruption or unintended data exposure. The weakness is an integer or memory offset misuse that leads to improper DMA mappings.

Affected Systems

Any Linux system running kernel versions that include the fastrpc module without the patch commit that replaces find_vma with vma_lookup(). The vulnerability is present in all affected builds prior to the patch and applies to the generic Linux kernel across all architectures that use fastrpc for DMA.

Risk and Exploitability

The CVSS score is not available, and the EPSS score is < 1%. The vulnerability is not listed in CISA KEV catalog. The flaw requires kernel-level execution, and an attacker would need to influence the fastrpc argument to trigger the underflow. While there is no documented exploit yet, the integrity impact could be significant if the kernel maps DMA buffers incorrectly.

Generated by OpenCVE AI on June 26, 2026 at 02:57 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Linux kernel to a version that includes the fastrpc patch correcting the DMA address calculation.
  • If an immediate kernel upgrade cannot be performed, recompile the kernel with the fastrpc subsystem disabled or with the correct vma_lookup() path to prevent the misuse.
  • Apply system‑level controls (e.g., SELinux, AppArmor, or udev rules) to restrict user processes from accessing or invoking fastrpc DMA operations during the remediation period.

Generated by OpenCVE AI on June 26, 2026 at 02:57 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4665-1 linux security update
Debian DLA Debian DLA DLA-4671-1 linux-6.1 security update
History

Sat, 04 Jul 2026 12:15:00 +0000


Fri, 26 Jun 2026 00:15:00 +0000


Thu, 25 Jun 2026 12:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-125
CWE-193

Thu, 25 Jun 2026 09:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find_vma misuse fastrpc_get_args() uses find_vma() to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows, corrupting the DMA address sent to the DSP. Replace find_vma() with vma_lookup(), which returns NULL when the address is not contained within any VMA.
Title misc: fastrpc: fix DMA address corruption due to find_vma misuse
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-18T07:33:18.557Z

Reserved: 2026-06-09T07:44:35.388Z

Link: CVE-2026-53159

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53159 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T03:00:05Z

Weaknesses