CVE-2026-53164
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk2th percentile — higher than 2% of all known CVEs
Summary
In the Linux kernel, a vulnerability in the IOMMU/DMA subsystem causes iommu_dma_iova_link_swiotlb() to attempt mapping a zero-length region, leading to iommu_map() failure and mapping corruption. This is frequently triggered by Thunderbolt NVMe drives forcing SWIOTLB for unaligned memory.
Risk Assessment
The vulnerability may cause system crashes (WARN_ON) or instability when using certain NVMe devices, impacting data availability and I/O operation integrity.
Recommendation
Immediately update the Linux kernel to a version containing the fix (commit 0c5f6b5e1a2b) or later to prevent attempts to map zero-length regions.
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: iommu/dma: Do not try to iommu_map a 0 length region in swiotlb iommu_dma_iova_link_swiotlb() processes a mapping that is unaligned in three parts, the head, middle and trailer. If the middle is empty because there are no aligned pages it will call down to iommu_map() with a 0 size which the iommupt implementation will fail as illegal. It then tries to do an error unwind and starts from the wrong spot corrupting the mapping so the eventual destruction triggers a WARN_ON. Check for 0 length and avoid mapping and use offset not 0 as the starting point to unlink. This is frequently triggered by using some kinds of thunderbolt NVMe drives that trigger forced SWIOTLB for unaligned memory. NVMe seems to pass in oddly aligned buffers for the passthrough commands from smartctl that hit this condition.

