CVE-2026-53187

Source
https://cve.org/CVERecord?id=CVE-2026-53187
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53187.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53187
Downstream
Related
Published
2026-06-25T08:39:00.175Z
Modified
2026-07-08T08:07:23.668171894Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc
Details

In the Linux kernel, the following vulnerability has been resolved:

RDMA/core: Validate cpuid against nrcpu_ids in DMAH alloc

The cpuid attribute supplied by user space through UVERBSATTRALLOCDMAHCPUID is passed directly to cpumasktestcpu() without first verifying that the value is within the valid CPU range.

Passing such untrusted data to cpumasktestcpu() may lead to an out-of-bounds read of the underlying cpumask bitmap: the helper expands to a testbit() that indexes the bitmap by cpuid / BITSPERLONG with no bound check.

In addition, on kernels built with CONFIGDEBUGPERCPUMAPS it trips the WARNONONCE() in cpumaskcheck(); combined with panicon_warn this turns a bad user input into a machine reboot.

Reject any cpuid that is not smaller than nrcpu_ids with -EINVAL before it is used.

Reported by Smatch.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53187.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d83edab562a496a42720902a1d2effccd05c37c5
Fixed
bd5e818be7964c1689fba2dad9e6bd3a827fee74
Fixed
0efbb6b54ff56300867027d8e0800d0e32226a20
Fixed
323c98a4ff06aa28114f2bf658fb43eb3b536bbc

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53187.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.17.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53187.json"