Description
In the Linux kernel, the following vulnerability has been resolved:

iommu/riscv: Remove overflows on the invalidation path

Since RISC-V supports a sign extended page table it should support
a gather->end of ULONG_MAX, but if this happens it will infinite loop
because of the overflow.

Also avoid overflow computing the length by moving the +1 to the other
side of the <
Published: 2026-06-26
Score: n/a
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel contains an integer overflow when handling the IOMMU invalidation path on RISC‑V architectures. A sign‑extended page table may reach ULONG_MAX, and adding one to this value overflows, causing the internal loop that walks the table to spin indefinitely. The resulting infinite loop can lock up the kernel thread that performs the invalidation, effectively denying service to all processes that rely on IOMMU operations. The weakness is an integer overflow, classified as CWE-190.

Affected Systems

Linux kernel running on RISC‑V hardware that uses the IOMMU subsystemextended page tables. The vulnerability exists in any kernel version that predates the patch applied in the commits listed in the references; the fix was merged but no specific release number is provided.

Risk and Exploitability

The CVSS score is not supplied, and EPSS is not available, but the lack of a KEV listing indicates limited known exploitation. Nevertheless, the infinite loop can be triggered by any operation that requires IOMMU invalidation, which a privileged user could influence or an attacker controlling a device could exploit. The risk is medium to high for impacted systems, especially if the IOMMU is actively used. No public exploit is reported, yet the kernel path that contains the overflow is a local‑privilege or device‑level trigger.

Generated by OpenCVE AI on June 26, 2026 at 22:09 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Switch to a Linux kernel version that includes the patch introduced in commits 40a13b4, 9f0632b, and e4b7687 for the RISC‑V IOMMU invalidation path.
  • If an immediate kernel update is not possible, temporarily disable the IOMMU subsystem on RISC‑V devices that are not required for normal operation, as a mitigative measure against the infinite loop.
  • Restart any services that rely on IOMMU after disabling or updating, and monitor kernel logs for signs of the infinite loop or CPU saturation.

Generated by OpenCVE AI on June 26, 2026 at 22:09 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 12:15:00 +0000


Fri, 26 Jun 2026 22:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-190

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Remove overflows on the invalidation path Since RISC-V supports a sign extended page table it should support a gather->end of ULONG_MAX, but if this happens it will infinite loop because of the overflow. Also avoid overflow computing the length by moving the +1 to the other side of the <
Title iommu/riscv: Remove overflows on the invalidation path
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-26T19:41:05.688Z

Reserved: 2026-06-09T07:44:35.397Z

Link: CVE-2026-53312

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53312 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-27T03:15:04Z

Weaknesses
  • CWE-190

    Integer Overflow or Wraparound