In the Linux kernel, the following vulnerability has been resolved:
RDMA/core: Validate cpuid against nrcpu_ids in DMAH alloc
The cpuid attribute supplied by user space through UVERBSATTRALLOCDMAHCPUID is passed directly to cpumasktestcpu() without first verifying that the value is within the valid CPU range.
Passing such untrusted data to cpumasktestcpu() may lead to an out-of-bounds read of the underlying cpumask bitmap: the helper expands to a testbit() that indexes the bitmap by cpuid / BITSPERLONG with no bound check.
In addition, on kernels built with CONFIGDEBUGPERCPUMAPS it trips the WARNONONCE() in cpumaskcheck(); combined with panicon_warn this turns a bad user input into a machine reboot.
Reject any cpuid that is not smaller than nrcpu_ids with -EINVAL before it is used.
Reported by Smatch.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53187.json",
"cna_assigner": "Linux"
}