PatchSiren

PatchSiren cyber security CVE debrief

CVE-2026-53164 Linux CVE debrief

A vulnerability in the Linux kernel's iommu/dma has been resolved. The issue arises when iommu_dma_iova_link_swiotlb() processes an unaligned mapping in three parts: head, middle, and trailer. If the middle part is empty due to no aligned pages, it calls iommu_map() with a 0 size, which is considered illegal by the iommupt implementation. This leads to an error unwind that starts from the wrong spot, corrupting the mapping. Eventually, the destruction of the mapping triggers a WARN_ON. The vulnerability is frequently triggered by certain types of Thunderbolt NVMe drives that force SWIOTLB for unaligned memory. NVMe seems to pass oddly aligned buffers for passthrough commands from smartctl, hitting this condition. The issue is resolved by checking for a 0 length and avoiding mapping, using an offset not equal to 0 as the starting point to unlink.

Vendor
Linux
Product
Unknown
CVSS
Unknown
CISA KEV
Not listed in stored evidence
Original CVE published
2026-06-25
Original CVE updated
2026-06-30
Advisory published
2026-06-25
Advisory updated
2026-06-30

Who should care

System administrators and security teams managing Linux kernel-based systems, especially those utilizing Thunderbolt NVMe drives, should be aware of this vulnerability. The vulnerability's impact could lead to mapping corruption and WARN_ON triggers during the destruction of the mapping. Defensive measures should be taken to ensure systems are updated with the patched kernel.

Technical summary

The Linux kernel vulnerability, CVE-2026-53164, is related to the iommu/dma component. Specifically, the iommu_dma_iova_link_swiotlb() function mishandles unaligned mappings. When processing a mapping in three parts (head, middle, and trailer), if the middle part is empty (no aligned pages), it incorrectly calls iommu_map() with a 0 size. This is deemed illegal by the iommupt implementation, leading to an error unwind that corrupts the mapping. The corruption is evident when the mapping is eventually destroyed, triggering a WARN_ON. This issue is commonly encountered with certain Thunderbolt NVMe drives that enforce SWIOTLB for unaligned memory. These drives, when used with smartctl for passthrough commands, often pass buffers with odd alignments, thus hitting this vulnerability condition. The fix involves checking for a 0 length to prevent illegal mappings and adjusting the starting point for unlinking.

Defensive priority

Medium priority should be given to patching systems due to the potential for mapping corruption and system instability. Updating the Linux kernel to include the fix for this vulnerability is recommended.

Recommended defensive actions

  • Update the Linux kernel to the latest version that includes the fix for CVE-2026-53164.
  • Review system configurations for Thunderbolt NVMe drives and ensure they are properly managed.
  • Monitor system logs for WARN_ON triggers related to iommu/dma mappings.
  • Consider implementing compensating controls for systems that cannot be immediately patched.
  • Perform thorough inventory checks to identify potentially affected systems.

Evidence notes

The CVE-2026-53164 vulnerability details are based on information from official Linux kernel sources and CVE records. The vulnerability's impact and defensive recommendations are derived from the provided source corpus. Evidence from the Linux kernel community and CVE.org suggests that this issue has been resolved in recent kernel updates.

Official resources

This article is AI-assisted and based on the supplied source corpus.