CVE-2026-53217

Source
https://cve.org/CVERecord?id=CVE-2026-53217
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53217.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53217
Downstream
Related
Published
2026-06-25T08:39:20.186Z
Modified
2026-07-08T08:13:46.538347728Z
Severity
  • 8.6 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L CVSS Calculator
Summary
net: mvpp2: sync RX data at the hardware packet offset
Details

In the Linux kernel, the following vulnerability has been resolved:

net: mvpp2: sync RX data at the hardware packet offset

mvpp2 programs the RX queue packet offset, so hardware writes received data at dmaaddr + MVPP2SKBHEADROOM. The current CPU sync starts at dmaaddr and only covers rxbytes + MVPP2MH_SIZE bytes, which syncs the unused headroom and misses the same number of bytes at the packet tail.

On non-coherent DMA systems this can leave the CPU reading stale cache contents for the end of the received frame.

Use dmasyncsinglerangeforcpu() with MVPP2SKB_HEADROOM as the range offset so the sync covers the Marvell header and packet data actually written by hardware.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53217.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e1921168bbd4810de4197446e52f652cd0dd9541
Fixed
60412bdd1b2576659eac23a23d2d9ff96228a643
Fixed
19f8bc139e9b149d1e5bf75ae761d1bb8dd3e7d8
Fixed
a3ad9b5767c89531fc7dae951b51b0933dcf7051
Fixed
bede0f481b9137d73d1cf64309cbe4b94818a5d6
Fixed
23548007b3c66d628fc7d6b80d1e23be04ea10d9
Fixed
a13199fa224e9f776f4005d5037df03aa9ea8f37
Fixed
e302206ad84a407a7e5f3f6fe767ff5efaace689
Fixed
180235600934bef6add3be637c296d6cf3272e67

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53217.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.5.0
Fixed
5.10.259
Type
ECOSYSTEM
Events
Introduced
5.11.0
Fixed
5.15.210
Type
ECOSYSTEM
Events
Introduced
5.16.0
Fixed
6.1.176
Type
ECOSYSTEM
Events
Introduced
6.2.0
Fixed
6.6.143
Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53217.json"