7.8
/ 10
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Description
In the Linux kernel, the following vulnerability has been resolved:
RDMA/umem: Fix truncation for block sizes >= 4G
When the iommu is used the linearization of the mapping can give a single
block that is very large split across multiple SG entries.
When __rdma_block_iter_next() reassembles the split SG entries it is
overflowing the 32 bit stack values and computed the wrong DMA addresses
for blocks after the truncation.
Use the right types to hold DMA addresses.
RDMA/umem: Fix truncation for block sizes >= 4G
When the iommu is used the linearization of the mapping can give a single
block that is very large split across multiple SG entries.
When __rdma_block_iter_next() reassembles the split SG entries it is
overflowing the 32 bit stack values and computed the wrong DMA addresses
for blocks after the truncation.
Use the right types to hold DMA addresses.
Basic Information
ID
CVE-2026-53133
Source
Linux
Published
Jun 25, 2026 at 08:38
Modified
Jun 28, 2026 at 06:39
Affected Product
Vendor
Linux
Product
Linux
Version
a808273a495c657e33281b181fd7fcc2bb28f662
Affected Versions
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux 5.2
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux a808273a495c657e33281b181fd7fcc2bb28f662
Linux Linux 5.2
References
- git.kernel.org /stable/c/2ff4b7817e5b78070c30f5fb5e678e452a2628b3
- git.kernel.org /stable/c/dee2a49adeeb2a5e16a3fc858fa21b841c519802
- git.kernel.org /stable/c/cc644d5608e3b0dadc970bd6e6aa26b91ea07d0f
- git.kernel.org /stable/c/8fe0231adebe086c8a459c790944ac026cd99c6e
- git.kernel.org /stable/c/baf8685bcf56dc1efb44b8f6a57c42516e549068
- git.kernel.org /stable/c/afd35fec9297195b759078745549c2671223f24f
- git.kernel.org /stable/c/ac1aad8e1281534ce936c250f68084fc79c5469e
- git.kernel.org /stable/c/15fe76e23615f502d051ef0768f86babaf08746c