CVE-2026-52952

Enriched by CISA

In the Linux kernel, the following vulnerability has been resolved: iommu: Fix WARN_ON in __iommu_group_set_domain_nofail() due to reset In __iommu_group_set_domain_internal(), concurrent domain attachments are rejected when any device in the group is recovering. This is necessary to fence concurrent attachments to a multi-device group where devices might share the same RID due to PCI DMA alias quirks, but triggers the WARN_ON in __iommu_group_set_domain_nofail(). Other IOMMU_SET_DOMAIN_MUST_SUCCEED callers in detach/teardown paths, such as __iommu_group_set_core_domain and __iommu_release_dma_ownership, should not be rejected, as the domain would be freed anyway in these nofail paths while group->domain is still pointing to it. So pci_dev_reset_iommu_done() could trigger a UAF when re-attaching group->domain. Honor the IOMMU_SET_DOMAIN_MUST_SUCCEED flag, allowing the callers through the group->recovery_cnt fence, so as to update the group->domain pointer. Instead add a gdev->blocked check in the device iteration loop, to prevent any concurrent per-device detachment.
https://nvd.nist.gov/vuln/detail/CVE-2026-52952

References

416baaa9-dc9f-4396-8d5f-8c081fb06d67

https://git.kernel.org/stable/c/5474e6e17a262db45c60575c73f70210f5c7001f
https://git.kernel.org/stable/c/8fc289e809f3eb7e36cadc4684ab6fad747a5a93

AFFECTED (from MITRE)

Vendor	Product	Versions
Linux	Linux	c279e83953d937470f8a6e69b69f62608714f13f < 8fc289e809f3eb7e36cadc4684ab6fad747a5a93 [affected] c279e83953d937470f8a6e69b69f62608714f13f < 5474e6e17a262db45c60575c73f70210f5c7001f [affected]
Linux	Linux	7.0 [affected] < 7.0 [unaffected] 7.0.10 ≤ 7.0.* [unaffected] 7.1 ≤ * [unaffected]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe	start	end
Configuration 1
cpe:2.3:o:linux:linux_kernel::::::::	>= 7.0	< 7.0.10
cpe:2.3:o:linux:linux_kernel::::::::	>= 7.0	< 7.1

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee