CVE-2026-53159
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
In the Linux kernel, the misc: fastrpc driver has a vulnerability due to misuse of find_vma(). When a user pointer falls in a gap before the returned VMA, the DMA address offset calculation underflows, corrupting the DMA address sent to the DSP.
Risk Assessment
The risk involves potential data corruption or malfunction of the DSP, which could lead to system crashes or compromise the integrity of data processed by the accelerator.
Recommendation
It is recommended to immediately update the Linux kernel to a version that replaces find_vma() with vma_lookup(), which returns NULL for addresses not contained within any VMA.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find_vma misuse fastrpc_get_args() uses find_vma() to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows, corrupting the DMA address sent to the DSP. Replace find_vma() with vma_lookup(), which returns NULL when the address is not contained within any VMA.

