CVE-2026-53280
MediumCVSS 5.5Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
A vulnerability in the Linux kernel's pci_dev_reset_iommu_done() function was found where the IOMMU group domain pointer can be NULL if default domain allocation fails during first probe. This leads to a NULL pointer dereference and system crash when attempting to re-attach the device to the domain.
Risk Assessment
An attacker with local access can trigger a PCI device reset, causing a kernel panic and service disruption, resulting in denial of service (DoS).
Recommendation
Immediately update the Linux kernel to a version containing the fix (skip re-attach in pci_dev_reset_iommu_done() when group->domain is NULL).
Original NVD description (English source)
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix NULL group->domain dereference in pci_dev_reset_iommu_done() Local sashiko review pointed it out that group->domain could be NULL when a default domain fails to allocate during the first probe, which can crash at domain->ops->attach_dev dereference in __iommu_attach_device() invoked by pci_dev_reset_iommu_done(). pci_dev_reset_iommu_prepare() is fine as an old_domain pointer can be NULL. Skip the re-attach in pci_dev_reset_iommu_done() to fix the bug.

