Description
In the Linux kernel, the following vulnerability has been resolved:

vfio/pci: Clean up DMABUFs before disabling function

On device shutdown, make vfio_pci_core_close_device() call
vfio_pci_dma_buf_cleanup() before the function is disabled via
vfio_pci_core_disable(). This ensures that all access via DMABUFs is
revoked before the function's BARs become inaccessible.

This fixes an issue where, if the function is disabled first, a tiny
window exists in which the function's MSE is cleared and yet BARs
could still be accessed via the DMABUF. The resources would also be
freed and up for grabs by a different driver.
Published: 2026-06-26
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Linux kernel VFIO‑PCI subsystem had a race condition during device shutdown: the device's function was disabled before its DMABUF resources were cleaned up. This left a brief window where a DMABUF handle could still access the function's BARs after the memory selection enable bit was cleared, allowing unauthorized read or write to hardware registers and memory that should have been sealed. The flaw effectively permits manipulation of device internals that could be leveraged to elevate privileges or destabilize the system. Based on the description, the likely attack vector involves a privileged process or driver that initiates a VFIO‑PCI device shutdown, creating the race window for exploitation.

Affected Systems

All Linux kernel versions prior to the commit sequence referenced in the CVE links are affected. The issue resides in the kernel source under the VFIO‑PCI module; updates that include the commits in the linked git URLs contain the fix. Systems running kernels that lack those changes are vulnerable.

Risk and Exploitability

The vulnerability requires an attacker with sufficient privileges to trigger a VFIO‑PCI device shutdown or to load a malicious driver that performs such a sequence. It carries a CVSS score of 8.8 indicating high severity, and an EPSS score of < 1% showing a very low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. Because the race window is short and is mitigated once the kernel applies the patch, the risk is limited to environments where a privileged or compromised driver can exercise control over the device state. Successful exploitation could lead to privilege escalation or denial of service through hardware misbehavior.

Generated by OpenCVE AI on June 29, 2026 at 15:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the kernel patch that incorporates the commits linked in the CVE references
  • Reboot the system to load the updated kernel
  • Disable the VFIO‑PCI module or restrict its loading to trusted drivers if the device is not needed

Generated by OpenCVE AI on June 29, 2026 at 15:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 29 Jun 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-419
CWE-829

Mon, 29 Jun 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-826
References
Metrics threat_severity

None

threat_severity

Important


Sun, 28 Jun 2026 13:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-419
CWE-829

Sun, 28 Jun 2026 11:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-409

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Fri, 26 Jun 2026 22:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-409

Fri, 26 Jun 2026 20:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Clean up DMABUFs before disabling function On device shutdown, make vfio_pci_core_close_device() call vfio_pci_dma_buf_cleanup() before the function is disabled via vfio_pci_core_disable(). This ensures that all access via DMABUFs is revoked before the function's BARs become inaccessible. This fixes an issue where, if the function is disabled first, a tiny window exists in which the function's MSE is cleared and yet BARs could still be accessed via the DMABUF. The resources would also be freed and up for grabs by a different driver.
Title vfio/pci: Clean up DMABUFs before disabling function
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-07-15T00:44:21.192Z

Reserved: 2026-06-09T07:44:35.398Z

Link: CVE-2026-53322

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-06-26T00:00:00Z

Links: CVE-2026-53322 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-29T15:30:05Z

Weaknesses
  • CWE-826

    Premature Release of Resource During Expected Lifetime