In the Linux kernel, the following vulnerability has been resolved:
iommu/sva: Fix crash in iommusvaunbind_device()
domain->mm->iommumm can be freed by iommudomainfree(): iommudomain_free() mmdrop() _mmdrop() mmpasiddrop() After iommudomainfree() returns, accessing domain->mm->iommumm may dereference a freed mm structure, leading to a crash.
Fix this by moving the code that accesses domain->mm->iommumm to before the call to iommudomain_free().
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23429.json",
"cna_assigner": "Linux"
}