CVE Catalog

CVE-2026-53159

MediumCVSS 5.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.12%

2th percentile — higher than 2% of all known CVEs

Summary

In the Linux kernel, the misc: fastrpc driver has a vulnerability due to misuse of find_vma(). When a user pointer falls in a gap before the returned VMA, the DMA address offset calculation underflows, corrupting the DMA address sent to the DSP.

Risk Assessment

The risk involves potential data corruption or malfunction of the DSP, which could lead to system crashes or compromise the integrity of data processed by the accelerator.

Recommendation

It is recommended to immediately update the Linux kernel to a version that replaces find_vma() with vma_lookup(), which returns NULL for addresses not contained within any VMA.

Original NVD description (English source)

In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find_vma misuse fastrpc_get_args() uses find_vma() to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows, corrupting the DMA address sent to the DSP. Replace find_vma() with vma_lookup(), which returns NULL when the address is not contained within any VMA.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS