SB2026032579 - Improper Synchronization in Linux kernel controller dwc driver
Published: March 25, 2026
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper Synchronization (CVE-ID: CVE-2026-23361)
The vulnerability allows a local user to cause a denial of service, disclose sensitive information, and potentially execute arbitrary code.
The vulnerability exists due to improper synchronization in the PCI driver's MSI-X interrupt handling when unmapping the outbound ATU entry. A local user can trigger the dw_pcie_ep_raise_msix_irq() function to raise an MSI-X interrupt via a posted write transaction that may not complete before the associated ATU entry is unmapped, leading to memory corruption or IOMMU faults.
The issue arises because the writel() operation used to generate the PCI posted write transaction can return before the write reaches its destination, creating a race condition with the subsequent unmap operation. This can result in memory corruption on the host system, including potential access to unauthorized memory regions or system instability.
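The ordering problem described above, as an added user-space model (not kernel code and not the vendor's patch). All names (ep_model, model_writel, model_readl, raise_msix) are hypothetical. The read-back step is a general way to wait for a posted write to land; this bulletin does not state what the actual fix does.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed toy model: one outbound ATU window, one in-flight posted write. */
struct ep_model {
    bool atu_mapped;         /* outbound ATU entry is programmed */
    bool pending;            /* posted write issued but not yet delivered */
    uint32_t pending_val;
    uint32_t host_msix_word; /* host location the MSI-X message targets */
    unsigned late_writes;    /* writes that arrived after the unmap */
};

/* Posted write: returns as soon as the data is queued. */
static void model_writel(struct ep_model *m, uint32_t v) { m->pending = true; m->pending_val = v; }

/* Delivery: the address is translated when the write arrives, not when issued. */
static void model_deliver(struct ep_model *m)
{
    if (!m->pending) return;
    if (m->atu_mapped) m->host_msix_word = m->pending_val;
    else m->late_writes++;   /* misdirected write: corruption or IOMMU fault */
    m->pending = false;
}

/* Non-posted read: ordered behind earlier posted writes, so it drains them. */
static uint32_t model_readl(struct ep_model *m) { model_deliver(m); return m->host_msix_word; }

/* Worst-case interleaving: the write is still in flight when the unmap runs. */
static unsigned raise_msix(bool read_back, uint32_t msg, uint32_t *seen_by_host)
{
    struct ep_model m = { .atu_mapped = true };
    model_writel(&m, msg);
    if (read_back) (void)model_readl(&m); /* wait until the write has landed */
    m.atu_mapped = false;                 /* unmap the outbound ATU entry */
    model_deliver(&m);                    /* fabric delivers whatever is left */
    *seen_by_host = m.host_msix_word;
    return m.late_writes;
}

int main(void)
{
    uint32_t seen;
    unsigned late = raise_msix(false, 0x2a, &seen);
    printf("no read-back: late=%u host=0x%x\n", late, (unsigned)seen);
    late = raise_msix(true, 0x2a, &seen);
    printf("read-back:    late=%u host=0x%x\n", late, (unsigned)seen);
    return 0;
}
```

The model always takes the losing interleaving; on real hardware the write usually lands in time, which is why the fault is intermittent.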
Remediation
Install the update from the vendor's website.