Improper control of a resource through its lifetime in Linux kernel - CVE-2026-53322
Published: June 29, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to access device BAR resources after device shutdown, potentially leading to disclosure of sensitive information, modification of data, or a denial of service.
The vulnerability exists due to improper resource shutdown sequencing in vfio_pci_core_close_device() when a device is closed while DMABUF access remains active. A local user can keep accessing the device through DMABUF mappings during the shutdown window and so reach device BAR resources after device shutdown.
The issue occurs in a small window after memory space enable is cleared and before DMABUF access is revoked, while the resources may be reassigned to a different driver.
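
The ordering problem described above can be checked with a small user-space model. This is an added example, not kernel code and not the upstream fix: the step names, the dev_state fields and the revoke-first ordering are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* User-space model only; step names paraphrase the advisory, not kernel symbols. */
enum step { CLEAR_MEM_ENABLE, REVOKE_DMABUF, RELEASE_BARS };

struct dev_state {
    bool mem_enabled;    /* memory space enable still set */
    bool dmabuf_revoked; /* importers' DMABUF access has been cut off */
    bool bars_released;  /* BARs may now be claimed by another driver */
};

static void apply(struct dev_state *s, enum step st)
{
    if (st == CLEAR_MEM_ENABLE) s->mem_enabled = false;
    else if (st == REVOKE_DMABUF) s->dmabuf_revoked = true;
    else s->bars_released = true;
}

/* Stale access: an importer can still reach the BAR after the device
 * stopped backing it (memory decode disabled or resources handed back). */
static bool stale_access(const struct dev_state *s)
{
    return !s->dmabuf_revoked && (!s->mem_enabled || s->bars_released);
}

/* Index of the first step that opens a stale-access window, or -1 if none. */
int first_stale_step(const enum step *seq, size_t n)
{
    struct dev_state s = { .mem_enabled = true };
    for (size_t i = 0; i < n; i++) {
        apply(&s, seq[i]);
        if (stale_access(&s))
            return (int)i;
    }
    return -1;
}

/* Ordering described in the advisory, and an assumed revoke-first ordering. */
const enum step described_order[] = { CLEAR_MEM_ENABLE, REVOKE_DMABUF, RELEASE_BARS };
const enum step revoke_first[]    = { REVOKE_DMABUF, CLEAR_MEM_ENABLE, RELEASE_BARS };

int main(void)
{
    printf("described: window opens at step %d\n", first_stale_step(described_order, 3));
    printf("revoke first: window opens at step %d\n", first_stale_step(revoke_first, 3));
    return 0;
}
```

In this model, any ordering that places the revoke step after either of the other two steps reports a window; only orderings that revoke first report -1.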