In the Linux kernel, the following vulnerability has been resolved:
iommu: Fix NULL group->domain dereference in pcidevresetiommudone()
Local sashiko review pointed it out that group->domain could be NULL when a default domain fails to allocate during the first probe, which can crash at domain->ops->attach_dev dereference in __iommuattachdevice() invoked by pcidevresetiommudone().
pcidevresetiommuprepare() is fine as an old_domain pointer can be NULL.
Skip the re-attach in pcidevresetiommudone() to fix the bug.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/53xxx/CVE-2026-53280.json",
"cna_assigner": "Linux"
}