Use-after-free in Linux kernel - CVE-2026-52952
Published: June 25, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a use-after-free in __iommu_group_set_domain_internal() when handling concurrent domain attachment and device recovery operations. A local user can trigger device reset and re-attachment sequences to cause a denial of service.
The issue arises when a device in the IOMMU group is recovering while group->domain still points to a domain that may be freed.