{"id":"CVE-2026-23429","summary":"iommu/sva: Fix crash in iommu_sva_unbind_device()","details":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/sva: Fix crash in iommu_sva_unbind_device()\n\ndomain-\u003emm-\u003eiommu_mm can be freed by iommu_domain_free():\n  iommu_domain_free()\n    mmdrop()\n      __mmdrop()\n        mm_pasid_drop()\nAfter iommu_domain_free() returns, accessing domain-\u003emm-\u003eiommu_mm may\ndereference a freed mm structure, leading to a crash.\n\nFix this by moving the code that accesses domain-\u003emm-\u003eiommu_mm to before\nthe call to iommu_domain_free().","modified":"2026-07-15T01:49:12.258251874Z","published":"2026-04-03T15:15:15.856Z","database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23429.json"},"references":[{"type":"WEB","url":"https://git.kernel.org/stable/c/06e14c36e20b48171df13d51b89fe67c594ed07a"},{"type":"WEB","url":"https://git.kernel.org/stable/c/58abeb7b9562f25bdfa2f5ae5ce803eb02e74433"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f5daaa2c959d9f894fb5b1ab76da8612dd220a0d"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/23xxx/CVE-2026-23429.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2026-23429"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"9f0a7ab700f8620e433b05c57fbd26c92ea186d9"},{"fixed":"58abeb7b9562f25bdfa2f5ae5ce803eb02e74433"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"e37d5a2d60a338c5917c45296bac65da1382eda5"},{"fixed":"f5daaa2c959d9f894fb5b1ab76da8612dd220a0d"},{"fixed":"06e14c36e20b48171df13d51b89fe67c594ed07a"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"6.18.7"},{"fixed":"6.18.20"}]}],"versions":["v6.18.19","v6.18.18","v6.18.17","v6.18.16","v6.18.15","v6.18.14","v6.18.13","v6.18.12","v6.18.11","v6.18.10","v6.18.9","v6.18.8","v6.18.7"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23429.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.18.20"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.19.0"},{"fixed":"6.19.10"}]}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-23429.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}