CVE-2026-45931

Source
https://cve.org/CVERecord?id=CVE-2026-45931
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45931.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-45931
Downstream
Published
2026-05-27T12:17:49.527Z
Modified
2026-07-08T08:13:32.166007042Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
accel/amdxdna: Hold mm structure across iommu_sva_unbind_device()
Details

In the Linux kernel, the following vulnerability has been resolved:

accel/amdxdna: Hold mm structure across iommusvaunbind_device()

Some tests trigger a crash in iommusvaunbinddevice() due to accessing iommumm after the associated mm structure has been freed.

Fix this by taking an explicit reference to the mm structure after successfully binding the device, and releasing it only after the device is unbound. This ensures the mm remains valid for the entire SVA bind/unbind lifetime.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/45xxx/CVE-2026-45931.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
be462c97b7dfd24999babe39cce3de224ebe1f80
Fixed
f6b4c1d98a7b8040d4d02e89425b3942016a2c2c
Fixed
f31ccf6278132a35a652fe5eeac3941e1e912398
Fixed
a9162439ad792afcddc04718408ec1380b7a5f63

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45931.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.14.0
Fixed
6.18.14
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
6.19.4

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-45931.json"