NULL pointer dereference in Linux kernel - CVE-2026-53280
Published: June 29, 2026
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a NULL pointer dereference in pci_dev_reset_iommu_done() when re-attaching a RID domain after device reset. A local user can trigger device reset handling to cause a denial of service.
The issue occurs when default domain allocation fails during the first probe, leaving group->domain uninitialized.