CVE-2026-43128
Published: May 6, 2026
Modified: May 11, 2026
CVSS v3.1
7.8
Description
In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix double dma_buf_unpin in failure path In ib_umem_dmabuf_get_pinned_with_dma_device(), the call to ib_umem_dmabuf_map_pages() can fail. If this occurs, the dmabuf is immediately unpinned but the umem_dmabuf->pinned flag is still set. Then, when ib_umem_release() is called, it calls ib_umem_dmabuf_revoke() which will call dma_buf_unpin() again. Fix this by removing the immediate unpin upon failure and just let the ib_umem_release/revoke path handle it. This also ensures the proper unmap-unpin unwind ordering if the dmabuf_map_pages call happened to fail due to dma_resv_wait_timeout (and therefore has a non-NULL umem_dmabuf->sgt).
| Vendor | Product | Versions |
|---|---|---|
Linux | Linux | affected 1e4df4a21c5ac722df1099eee30cad9246c889b5 - < 70542b69abff34d24b11ae0bb200cc7a766d18dfaffected 1e4df4a21c5ac722df1099eee30cad9246c889b5 - < b324327ff6f48d8065dca67eb3b91357e72726bdaffected 1e4df4a21c5ac722df1099eee30cad9246c889b5 - < ba3bf0f1bf1d5d0404678485e872980532fcc2c4affected 1e4df4a21c5ac722df1099eee30cad9246c889b5 - < d3e32e2f3262f1b25d77c085ace38e2cc4ad75cfaffected 1e4df4a21c5ac722df1099eee30cad9246c889b5 - < 40126bcbefa79ea86672e05dae608596bab38319+1 more versions |
Linux | Linux | affected 5.16unaffected 0 - < 5.16unaffected 6.1.165 - <= 6.1.*unaffected 6.6.128 - <= 6.6.*unaffected 6.12.75 - <= 6.12.*+3 more versions |
CVSS v3.1 Details
CVSS v3.1 Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
References
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now