PatchSiren cyber security CVE debrief
CVE-2026-53164 Linux CVE debrief
A vulnerability in the Linux kernel's iommu/dma has been resolved. The issue arises when iommu_dma_iova_link_swiotlb() processes an unaligned mapping in three parts: head, middle, and trailer. If the middle part is empty due to no aligned pages, it calls iommu_map() with a 0 size, which is considered illegal by the iommupt implementation. This leads to an error unwind that starts from the wrong spot, corrupting the mapping. Eventually, the destruction of the mapping triggers a WARN_ON. The vulnerability is frequently triggered by certain types of Thunderbolt NVMe drives that force SWIOTLB for unaligned memory. NVMe seems to pass oddly aligned buffers for passthrough commands from smartctl, hitting this condition. The issue is resolved by checking for a 0 length and avoiding mapping, using an offset not equal to 0 as the starting point to unlink.
- Vendor
- Linux
- Product
- Unknown
- CVSS
- Unknown
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-25
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-06-25
- Advisory updated
- 2026-06-30
Who should care
System administrators and security teams managing Linux kernel-based systems, especially those utilizing Thunderbolt NVMe drives, should be aware of this vulnerability. The vulnerability's impact could lead to mapping corruption and WARN_ON triggers during the destruction of the mapping. Defensive measures should be taken to ensure systems are updated with the patched kernel.
Technical summary
The Linux kernel vulnerability, CVE-2026-53164, is related to the iommu/dma component. Specifically, the iommu_dma_iova_link_swiotlb() function mishandles unaligned mappings. When processing a mapping in three parts (head, middle, and trailer), if the middle part is empty (no aligned pages), it incorrectly calls iommu_map() with a 0 size. This is deemed illegal by the iommupt implementation, leading to an error unwind that corrupts the mapping. The corruption is evident when the mapping is eventually destroyed, triggering a WARN_ON. This issue is commonly encountered with certain Thunderbolt NVMe drives that enforce SWIOTLB for unaligned memory. These drives, when used with smartctl for passthrough commands, often pass buffers with odd alignments, thus hitting this vulnerability condition. The fix involves checking for a 0 length to prevent illegal mappings and adjusting the starting point for unlinking.
Defensive priority
Medium priority should be given to patching systems due to the potential for mapping corruption and system instability. Updating the Linux kernel to include the fix for this vulnerability is recommended.
Recommended defensive actions
- Update the Linux kernel to the latest version that includes the fix for CVE-2026-53164.
- Review system configurations for Thunderbolt NVMe drives and ensure they are properly managed.
- Monitor system logs for WARN_ON triggers related to iommu/dma mappings.
- Consider implementing compensating controls for systems that cannot be immediately patched.
- Perform thorough inventory checks to identify potentially affected systems.
Evidence notes
The CVE-2026-53164 vulnerability details are based on information from official Linux kernel sources and CVE records. The vulnerability's impact and defensive recommendations are derived from the provided source corpus. Evidence from the Linux kernel community and CVE.org suggests that this issue has been resolved in recent kernel updates.
Official resources
-
CVE-2026-53164 CVE record
CVE.org
-
CVE-2026-53164 NVD detail
NVD
-
Source item URL
nvd_modified
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
-
Source reference
416baaa9-dc9f-4396-8d5f-8c081fb06d67
This article is AI-assisted and based on the supplied source corpus.