CVE-2026-53133

Summary

In the Linux kernel, the following vulnerability has been resolved:

RDMA/umem: Fix truncation for block sizes >= 4G

When the iommu is used the linearization of the mapping can give a single block that is very large split across multiple SG entries.

When __rdma_block_iter_next() reassembles the split SG entries it is overflowing the 32 bit stack values and computed the wrong DMA addresses for blocks after the truncation.

Use the right types to hold DMA addresses.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxa808273a495c657e33281b181fd7fcc2bb28f662 < 2ff4b7817e5b78070c30f5fb5e678e452a2628b3affected
LinuxLinuxa808273a495c657e33281b181fd7fcc2bb28f662 < dee2a49adeeb2a5e16a3fc858fa21b841c519802affected
LinuxLinuxa808273a495c657e33281b181fd7fcc2bb28f662 < cc644d5608e3b0dadc970bd6e6aa26b91ea07d0faffected
LinuxLinuxa808273a495c657e33281b181fd7fcc2bb28f662 < 8fe0231adebe086c8a459c790944ac026cd99c6eaffected
LinuxLinuxa808273a495c657e33281b181fd7fcc2bb28f662 < baf8685bcf56dc1efb44b8f6a57c42516e549068affected
LinuxLinuxa808273a495c657e33281b181fd7fcc2bb28f662 < afd35fec9297195b759078745549c2671223f24faffected
LinuxLinuxa808273a495c657e33281b181fd7fcc2bb28f662 < ac1aad8e1281534ce936c250f68084fc79c5469eaffected
LinuxLinuxa808273a495c657e33281b181fd7fcc2bb28f662 < 15fe76e23615f502d051ef0768f86babaf08746caffected
LinuxLinux5.2affected
LinuxLinux0 < 5.2unaffected
LinuxLinux5.10.259 <= 5.10.*unaffected
LinuxLinux5.15.210 <= 5.15.*unaffected
LinuxLinux6.1.176 <= 6.1.*unaffected
LinuxLinux6.6.143 <= 6.6.*unaffected
LinuxLinux6.12.94 <= 6.12.*unaffected
LinuxLinux6.18.36 <= 6.18.*unaffected
LinuxLinux7.0.13 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References