CVE-2026-53229

Source
https://cve.org/CVERecord?id=CVE-2026-53229
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53229.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-53229
Downstream
Related
Published
2026-06-25T08:39:28.552Z
Modified
2026-07-08T08:09:46.256944383Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure
Details

In the Linux kernel, the following vulnerability has been resolved:

net/mlx5e: xsk: Fix DMA and xdpframe leak on XDPTX xmit failure

In the XSK branch of mlx5exmitxdpbuff(), when sq->xmitxdpframe() returns false (e.g. XDPSQ is full), the function returns without unmapping the DMA address or freeing the xdpframe allocated by xdpconvertzctoxdpframe(). The xdpififo push only happens on success, so the completion path cannot recover these entries.

With CONFIGDMAAPI_DEBUG=y, the leak surfaces on driver unbind:

DMA-API: pci 0000:08:00.0: device driver has pending DMA allocations while released from device [count=1116] One of leaked entries details: [device address=0x000000010ffd7028] [size=1534 bytes] [mapped with DMATODEVICE] [mapped as phy] WARNING: kernel/dma/debug.c:881 at dmadebugdevicechange+0x127/0x180 ... DMA-API: Mapped at: debugdmamapphys+0x4b/0xd0 dmamapphys+0xfd/0x2d0 mlx5exdphandle+0x5ae/0xac0 [mlx5core] mlx5exskskbfromcqempwrqlinear+0xc4/0x170 [mlx5core] mlx5ehandlerxcqempwrq+0xc1/0x290 [mlx5_core]

Add the missing unmap + xdpreturnframe, matching the cleanup already done in mlx5exdpxmit(). has_frags is rejected earlier in this branch, so no per-frag unmap is needed.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53229.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
84a0a2310d6de247335574649726cb000c7c0074
Fixed
7b3eeba50fbc3b45f279037c29a87a90e8bac1e1
Fixed
2789b74ae1f4b68333c9d5eec2f3354d07b16e61
Fixed
0aabca726b43d833721034e97d99efcc8237b22a
Fixed
b69004f5a6ad32da84d8aa5b23b9c0caafe6252e

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53229.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
5.3.0
Fixed
6.12.94
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.18.36
Type
ECOSYSTEM
Events
Introduced
6.19.0
Fixed
7.0.13

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-53229.json"