Description
In the Linux kernel, the following vulnerability has been resolved:

iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()

Local sashiko review pointed it out that group->domain could be NULL when
a default domain fails to allocate during the first probe, which can crash
at domain->ops->attach_dev dereference in __iommu_attach_device() invoked
by pci_dev_reset_iommu_done().

pci_dev_reset_iommu_prepare() is fine as an old_domain pointer can be NULL.

Skip the re-attach in pci_dev_reset_iommu_done() to fix the bug.
Published: 2026-06-26
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

A null pointer dereference occurs in the IOMMU subsystem when the kernel attempts to reset a PCI device. If the IOMMU default domain fails to allocate during the initial probe, the group->domain pointer is left NULL. The subsequent call to pci_dev_reset_iommu_done() tries to reattach the device and dereferences domain->ops->attach_dev, causing a kernel crash. This results in an immediate denial of service on the affected system.

Affected Systems

All Linux kernel versions prior to the inclusion of the patch that resolves the null dereference are affected. The vulnerability applies to the generic Linux kernel vendor and includes any distribution using those kernels. No specific version range is listed, so any kernel that contains the vulnerable code path is vulnerable.

Risk and Exploitability

The CVSS score is not listed, and the EPSS score is unavailable, meaning the quantification of risk is uncertain. The vulnerability is not listed in the CISA KEV catalog. The attack requires local access to perform a reset on a PCI device that triggers the null reference, so the risk is moderate for local users and high for privileged users. The lack of an exploit description or remote access vector means the primary risk is a local denial of service.

Generated by OpenCVE AI on June 26, 2026 at 22:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply a kernel update that includes the patch fixing the null dereference in iommu:pci_done
  • If an immediate kernel upgrade is not possible, disable automatic PCI device reset logic in the affected kernel module or prevent suspend/resume operations that trigger pci_dev_reset_iommu_done
  • Remove or disable the problematic IOMMU device configuration or uninstall drivers that invoke the reset until the kernel is patched

Generated by OpenCVE AI on June 26, 2026 at 22:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 23:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-476

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done() Local sashiko review pointed it out that group->domain could be NULL when a default domain fails to allocate during the first probe, which can crash at domain->ops->attach_dev dereference in __iommu_attach_device() invoked by pci_dev_reset_iommu_done(). pci_dev_reset_iommu_prepare() is fine as an old_domain pointer can be NULL. Skip the re-attach in pci_dev_reset_iommu_done() to fix the bug.
Title iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done()
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:40:42.226Z

Reserved: 2026-06-09T07:44:35.395Z

Link: CVE-2026-53280

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-26T22:45:05Z

Weaknesses