net: mvpp2: sync RX data at the hardware packet offset

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

Description

In the Linux kernel, the following vulnerability has been resolved:

net: mvpp2: sync RX data at the hardware packet offset

mvpp2 programs the RX queue packet offset, so hardware writes received
data at dma_addr + MVPP2_SKB_HEADROOM. The current CPU sync starts at
dma_addr and only covers rx_bytes + MVPP2_MH_SIZE bytes, which syncs the
unused headroom and misses the same number of bytes at the packet tail.

On non-coherent DMA systems this can leave the CPU reading stale cache
contents for the end of the received frame.

Use dma_sync_single_range_for_cpu() with MVPP2_SKB_HEADROOM as the range
offset so the sync covers the Marvell header and packet data actually
written by hardware.

AI Analysis

A vulnerability in the Linux kernel's mvpp2 driver allows for stale cache contents to be read by the CPU, potentially leading to data corruption or other security issues.

Basic Information

ID CVE-2026-53217

Source Linux

Published Jun 25, 2026 at 08:39

Modified Jun 28, 2026 at 06:40

Affected Product

Vendor Linux

Product Linux

Version e1921168bbd4810de4197446e52f652cd0dd9541

Affected Versions Linux Linux e1921168bbd4810de4197446e52f652cd0dd9541
Linux Linux e1921168bbd4810de4197446e52f652cd0dd9541
Linux Linux e1921168bbd4810de4197446e52f652cd0dd9541
Linux Linux e1921168bbd4810de4197446e52f652cd0dd9541
Linux Linux e1921168bbd4810de4197446e52f652cd0dd9541
Linux Linux e1921168bbd4810de4197446e52f652cd0dd9541
Linux Linux e1921168bbd4810de4197446e52f652cd0dd9541
Linux Linux e1921168bbd4810de4197446e52f652cd0dd9541
Linux Linux 5.5

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor Linux Foundation

Product Linux Kernel

Version e1921168bbd4810de4197446e52f652cd0dd9541, 5.5

References

{
    "lastseen": "",
    "description": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: sync RX data at the hardware packet offset\n\nmvpp2 programs the RX queue packet offset, so hardware writes received\ndata at dma_addr + MVPP2_SKB_HEADROOM. The current CPU sync starts at\ndma_addr and only covers rx_bytes + MVPP2_MH_SIZE bytes, which syncs the\nunused headroom and misses the same number of bytes at the packet tail.\n\nOn non-coherent DMA systems this can leave the CPU reading stale cache\ncontents for the end of the received frame.\n\nUse dma_sync_single_range_for_cpu() with MVPP2_SKB_HEADROOM as the range\noffset so the sync covers the Marvell header and packet data actually\nwritten by hardware.",
    "published": "2026-06-25T08:39:20.186Z",
    "modified": "2026-06-28T06:40:31.101Z",
    "type": "cve",
    "title": "net: mvpp2: sync RX data at the hardware packet offset",
    "source": "Linux",
    "references": "https://git.kernel.org/stable/c/60412bdd1b2576659eac23a23d2d9ff96228a643\nhttps://git.kernel.org/stable/c/19f8bc139e9b149d1e5bf75ae761d1bb8dd3e7d8\nhttps://git.kernel.org/stable/c/a3ad9b5767c89531fc7dae951b51b0933dcf7051\nhttps://git.kernel.org/stable/c/bede0f481b9137d73d1cf64309cbe4b94818a5d6\nhttps://git.kernel.org/stable/c/23548007b3c66d628fc7d6b80d1e23be04ea10d9\nhttps://git.kernel.org/stable/c/a13199fa224e9f776f4005d5037df03aa9ea8f37\nhttps://git.kernel.org/stable/c/e302206ad84a407a7e5f3f6fe767ff5efaace689\nhttps://git.kernel.org/stable/c/180235600934bef6add3be637c296d6cf3272e67",
    "id": "CVE-2026-53217",
    "bulletinFamily": "",
    "cwe": null,
    "cvelist": null,
    "sourceData": "Linux Linux e1921168bbd4810de4197446e52f652cd0dd9541\nLinux Linux e1921168bbd4810de4197446e52f652cd0dd9541\nLinux Linux e1921168bbd4810de4197446e52f652cd0dd9541\nLinux Linux e1921168bbd4810de4197446e52f652cd0dd9541\nLinux Linux e1921168bbd4810de4197446e52f652cd0dd9541\nLinux Linux e1921168bbd4810de4197446e52f652cd0dd9541\nLinux Linux e1921168bbd4810de4197446e52f652cd0dd9541\nLinux Linux e1921168bbd4810de4197446e52f652cd0dd9541\nLinux Linux 5.5",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Linux",
    "version": "e1921168bbd4810de4197446e52f652cd0dd9541",
    "vendor": "Linux",
    "ai_description": "A vulnerability in the Linux kernel's mvpp2 driver allows for stale cache contents to be read by the CPU, potentially leading to data corruption or other security issues.",
    "ai_severity": "High",
    "ai_vendor": "Linux Foundation",
    "ai_product": "Linux Kernel",
    "ai_version": "e1921168bbd4810de4197446e52f652cd0dd9541, 5.5",
    "ai_score": 8.6
}

net: mvpp2: sync RX data at the hardware packet offset_CVE-2026-53217