CVE-2026-45931
HighCVSS 7.8Exploitation Probability (EPSS)
Low risk7th percentile - higher than 7% of all known CVEs
Summary
A vulnerability has been identified in the Linux kernel that leads to a crash in the iommu_sva_unbind_device() function due to accessing the mm structure after it has been freed. The issue has been resolved by holding a reference to the mm structure throughout the device bind/unbind operation.
Risk Assessment
This vulnerability may lead to system crashes, affecting service availability and operating system stability. If exploited, it could cause unpredictable system behavior.
Recommendation
It is recommended to update the Linux kernel to the latest version where this vulnerability has been fixed to ensure system stability and security.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: accel/amdxdna: Hold mm structure across iommu_sva_unbind_device() Some tests trigger a crash in iommu_sva_unbind_device() due to accessing iommu_mm after the associated mm structure has been freed. Fix this by taking an explicit reference to the mm structure after successfully binding the device, and releasing it only after the device is unbound. This ensures the mm remains valid for the entire SVA bind/unbind lifetime.

