CVE-2026-53159 - Vulnerability Details

- misc: fastrpc: fix DMA address corruption due to find_vma misuse

Description

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: fix DMA address corruption due to find_vma misuse

fastrpc_get_args() uses find_vma() to look up the VMA for a user-provided
pointer and compute a DMA address offset. When the address falls in a gap
before the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows,
corrupting the DMA address sent to the DSP.

Replace find_vma() with vma_lookup(), which returns NULL when the address
is not contained within any VMA.

Published: 2026-06-25

Score: n/a

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

Linux

unaffected

Version	Status	Constraints
`80f3afd72bd4149c57daf852905476b43bb47647`	affected	< 2d0f47e27c1fa718b29c69aa7c96a2c5161bc2c2
`80f3afd72bd4149c57daf852905476b43bb47647`	affected	< 708c17b52c60fe7a57e73b495bdee50f58feb48c
`80f3afd72bd4149c57daf852905476b43bb47647`	affected	< d3e26df2e8eb361e6bef096b2fd565476a1f14c4
`80f3afd72bd4149c57daf852905476b43bb47647`	affected	< e69e306a4cccb40a73511350cb280825a556ce3c
`80f3afd72bd4149c57daf852905476b43bb47647`	affected	< 53e06f8a3c2b085c31bf1284e2ebcb8036e99625
`80f3afd72bd4149c57daf852905476b43bb47647`	affected	< 7ba7b30ddb04646d4d638f4d8c4718a304bbbddd
`80f3afd72bd4149c57daf852905476b43bb47647`	affected	< 464c6ad2aa16e1e1df9d559289199356493d1e00
`954edc466128479872731d06f026d0e71840d153`	affected	—
`5.1.6`	affected	< 5.2

Linux

affected

Version	Status	Constraints
`5.2`	affected	—
`0`	unaffected	< 5.2
`5.15.210`	unaffected	≤ 5.15.*
`6.1.176`	unaffected	≤ 6.1.*
`6.6.143`	unaffected	≤ 6.6.*
`6.12.94`	unaffected	≤ 6.12.*
`6.18.36`	unaffected	≤ 6.18.*
`7.0.13`	unaffected	≤ 7.0.*
`7.1`	unaffected	≤ *

No data.

Vendor Product Confidence Versions

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`[80f3afd72bd4149c57daf852905476b43bb47647,2d0f47e27c1fa718b29c69aa7c96a2c5161bc2c2)`	affected	code_commit	—
`[80f3afd72bd4149c57daf852905476b43bb47647,708c17b52c60fe7a57e73b495bdee50f58feb48c)`	affected	code_commit	—
`[80f3afd72bd4149c57daf852905476b43bb47647,d3e26df2e8eb361e6bef096b2fd565476a1f14c4)`	affected	code_commit	—
`[80f3afd72bd4149c57daf852905476b43bb47647,e69e306a4cccb40a73511350cb280825a556ce3c)`	affected	code_commit	—
`[80f3afd72bd4149c57daf852905476b43bb47647,53e06f8a3c2b085c31bf1284e2ebcb8036e99625)`	affected	code_commit	—
`[80f3afd72bd4149c57daf852905476b43bb47647,7ba7b30ddb04646d4d638f4d8c4718a304bbbddd)`	affected	code_commit	—
`[80f3afd72bd4149c57daf852905476b43bb47647,464c6ad2aa16e1e1df9d559289199356493d1e00)`	affected	code_commit	—
`954edc466128479872731d06f026d0e71840d153`	affected	code_commit	—
`[5.1.6,5.2)`	affected	semver	—

Linux

Linux Kernel

99%

Version	Status	Scheme	Platform
`5.2`	affected	semver	—
`[0,5.2)`	unaffected	semver	—
`[5.15.210,5.15.*]`	unaffected	generic	—
`[6.1.176,6.1.*]`	unaffected	generic	—
`[6.6.143,6.6.*]`	unaffected	generic	—
`[6.12.94,6.12.*]`	unaffected	generic	—
`[6.18.36,6.18.*]`	unaffected	generic	—
`[7.0.13,7.0.*]`	unaffected	generic	—
`[7.1,*]`	unaffected	generic	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00172.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://git.kernel.org/stable/c/2d0f47e27c1fa718b29c69aa7c96a2c5161bc2c2
https://git.kernel.org/stable/c/464c6ad2aa16e1e1df9d559289199356493d1e00
https://git.kernel.org/stable/c/53e06f8a3c2b085c31bf1284e2ebcb8036e99625
https://git.kernel.org/stable/c/708c17b52c60fe7a57e73b495bdee50f58feb48c
https://git.kernel.org/stable/c/7ba7b30ddb04646d4d638f4d8c4718a304bbbddd
https://git.kernel.org/stable/c/d3e26df2e8eb361e6bef096b2fd565476a1f14c4
https://git.kernel.org/stable/c/e69e306a4cccb40a73511350cb280825a556ce3c
https://lore.kernel.org/linux-cve-announce/2026062549-CVE-2026-53159-d6fc@gregkh/T
https://nvd.nist.gov/vuln/detail/CVE-2026-53159
https://www.cve.org/CVERecord?id=CVE-2026-53159

History

Fri, 26 Jun 2026 00:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-191
References		https://lore.kernel.org/linux-cve-announce/2026062549-CVE-2026-53159-d6fc@gregkh/T https://nvd.nist.gov/vuln/detail/CVE-2026-53159 https://www.cve.org/CVERecord?id=CVE-2026-53159

Thu, 25 Jun 2026 12:00:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-125 CWE-193

Thu, 25 Jun 2026 09:15:00 +0000

Type	Values Removed	Values Added
Description		In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix DMA address corruption due to find_vma misuse fastrpc_get_args() uses find_vma() to look up the VMA for a user-provided pointer and compute a DMA address offset. When the address falls in a gap before the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows, corrupting the DMA address sent to the DSP. Replace find_vma() with vma_lookup(), which returns NULL when the address is not contained within any VMA.
Title		misc: fastrpc: fix DMA address corruption due to find_vma misuse
First Time appeared		Linux Linux linux Kernel
CPEs		cpe:2.3:o:linux:linux_kernel::::::::
Vendors & Products		Linux Linux linux Kernel
References		https://git.kernel.org/stable/c/2d0f47e27c1fa718b29c69aa7c96a2c5161bc2c2 https://git.kernel.org/stable/c/464c6ad2aa16e1e1df9d559289199356493d1e00 https://git.kernel.org/stable/c/53e06f8a3c2b085c31bf1284e2ebcb8036e99625 https://git.kernel.org/stable/c/708c17b52c60fe7a57e73b495bdee50f58feb48c https://git.kernel.org/stable/c/7ba7b30ddb04646d4d638f4d8c4718a304bbbddd https://git.kernel.org/stable/c/d3e26df2e8eb361e6bef096b2fd565476a1f14c4 https://git.kernel.org/stable/c/e69e306a4cccb40a73511350cb280825a556ce3c

Subscriptions

Linux Linux Kernel

MITRE

Status: PUBLISHED

Assigner: Linux

Published: 2026-06-25T08:38:41.482Z

Updated: 2026-06-25T08:38:41.482Z

Reserved: 2026-06-09T07:44:35.388Z

Link: CVE-2026-53159

Vulnrichment

No data.

NVD

No data.

Redhat

Severity :

Publid Date: 2026-06-25T00:00:00Z

Links: CVE-2026-53159 - Bugzilla

OpenCVE Enrichment

Updated: 2026-06-26T03:00:05Z

Weaknesses

Tracking

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object