CVE-2026-53210

Summary

In the Linux kernel, the following vulnerability has been resolved:

tee: shm: fix shm leak in register_shm_helper()

register_shm_helper() allocates shm before calling iov_iter_npages(). If iov_iter_npages() returns 0, the function jumps to err_ctx_put and leaks shm.

This can be triggered by TEE_IOC_SHM_REGISTER with struct tee_ioctl_shm_register_data where length is 0.

Jump to err_free_shm instead.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux7bdee41575919773818e525ea19e54eb817770af < 4277759906b44d923a38c8f59f5576501b187b0daffected
LinuxLinux7bdee41575919773818e525ea19e54eb817770af < c10c9c48b2903f41ed4c532043b0576e86228236affected
LinuxLinux7bdee41575919773818e525ea19e54eb817770af < dbf779db927414f5b37c1f666013e9b48a88cfdeaffected
LinuxLinux7bdee41575919773818e525ea19e54eb817770af < 26682f5efc276e3ad96d102019472bfbf03833b2affected
LinuxLinux6.8affected
LinuxLinux0 < 6.8unaffected
LinuxLinux6.12.94 <= 6.12.*unaffected
LinuxLinux6.18.36 <= 6.18.*unaffected
LinuxLinux7.0.13 <= 7.0.*unaffected
LinuxLinux7.1 <= *unaffected

Weaknesses

References