Main Vulnerability Database SB20260406106

SB20260406106 - Use-after-free in Linux kernel iommu driver

Published: April 6, 2026

Security Bulletin ID SB20260406106

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2026-23429)

The vulnerability allows a local user to cause a denial of service.

The vulnerability exists due to a use-after-free in iommu_sva_unbind_device() when unbinding a device from an IOMMU SVA domain. A local user can trigger the unbind operation to cause a denial of service.

The issue occurs because domain->mm->iommu_mm may be accessed after iommu_domain_free() has freed the associated mm structure, resulting in a kernel crash.

Remediation

Install update from vendor's website.

References

https://git.kernel.org/stable/c/06e14c36e20b48171df13d51b89fe67c594ed07a
https://git.kernel.org/stable/c/58abeb7b9562f25bdfa2f5ae5ce803eb02e74433
https://git.kernel.org/stable/c/f5daaa2c959d9f894fb5b1ab76da8612dd220a0d