← All CVEs

CVE-2026-53187

HIGH 7.1

Published 2026-06-25 · Last modified 2026-06-28

In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Validate cpu_id against nr_cpu_ids in DMAH alloc The cpu_id attribute supplied by user space through UVERBS_ATTR_ALLOC_DMAH_CPU_ID is passed directly to cpumask_test_cpu() without first verifying that the value is within the valid CPU range. Passing such untrusted data to cpumask_test_cpu() may lead to an out-of-bounds read of the underlying cpumask bitmap: the helper expands to a test_bit() that indexes the bitmap by cpu_id / BITS_PER_LONG with no bound check. In addition, on kernels built with CONFIG_DEBUG_PER_CPU_MAPS it trips the WARN_ON_ONCE() in cpumask_check(); combined with panic_on_warn this turns a bad user input into a machine reboot. Reject any cpu_id that is not smaller than nr_cpu_ids with -EINVAL before it is used. Reported by Smatch.

ELEVATED IMPACT

Severe if exploited (CVSS 7.1), but no known exploitation and low modeled probability. Patch on a normal cadence.

Exploitation likelihood

0.1%chance of exploitation in 30 days · 3rd percentile

○ In CISA KEV ○ Public exploit / PoC

Impact if exploited

7.1CVSS 3.1 · HIGH

  • ConfidentialityHigh
  • IntegrityNone
  • AvailabilityHigh

What an attacker needs

  • Access: Requires local access to the host
  • Privileges: Requires a low-privilege account
  • User interaction: No user interaction needed
  • Complexity: No special conditions — reliably repeatable

✓ lowers the bar for an attacker · ⚠ raises it

Affected

Vendors Linux

Products Linux

Weakness (CWE)

Not classified.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

Sources: NVD · CVE.org · EPSS