{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-53229", "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "state": "PUBLISHED", "assignerShortName": "Linux", "dateReserved": "2026-06-09T07:44:35.393Z", "datePublished": "2026-06-25T08:39:28.552Z", "dateUpdated": "2026-06-28T06:40:40.498Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67", "shortName": "Linux", "dateUpdated": "2026-06-28T06:40:40.498Z"}, "descriptions": [{"lang": "en", "value": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure\n\nIn the XSK branch of mlx5e_xmit_xdp_buff(), when sq->xmit_xdp_frame()\nreturns false (e.g. XDPSQ is full), the function returns without\nunmapping the DMA address or freeing the xdp_frame allocated by\nxdp_convert_zc_to_xdp_frame(). The xdpi_fifo push only happens on\nsuccess, so the completion path cannot recover these entries.\n\nWith CONFIG_DMA_API_DEBUG=y, the leak surfaces on driver unbind:\n\n DMA-API: pci 0000:08:00.0: device driver has pending DMA\n allocations while released from device [count=1116]\n One of leaked entries details: [device address=0x000000010ffd7028]\n [size=1534 bytes] [mapped with DMA_TO_DEVICE] [mapped as phy]\n WARNING: kernel/dma/debug.c:881 at dma_debug_device_change+0x127/0x180\n ...\n DMA-API: Mapped at:\n debug_dma_map_phys+0x4b/0xd0\n dma_map_phys+0xfd/0x2d0\n mlx5e_xdp_handle+0x5ae/0xac0 [mlx5_core]\n mlx5e_xsk_skb_from_cqe_mpwrq_linear+0xc4/0x170 [mlx5_core]\n mlx5e_handle_rx_cqe_mpwrq+0xc1/0x290 [mlx5_core]\n\nAdd the missing unmap + xdp_return_frame, matching the cleanup already\ndone in mlx5e_xdp_xmit(). has_frags is rejected earlier in this branch,\nso no per-frag unmap is needed."}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "affected": [{"product": "Linux", "vendor": "Linux", "defaultStatus": "unaffected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c"], "versions": [{"version": "84a0a2310d6de247335574649726cb000c7c0074", "lessThan": "7b3eeba50fbc3b45f279037c29a87a90e8bac1e1", "status": "affected", "versionType": "git"}, {"version": "84a0a2310d6de247335574649726cb000c7c0074", "lessThan": "2789b74ae1f4b68333c9d5eec2f3354d07b16e61", "status": "affected", "versionType": "git"}, {"version": "84a0a2310d6de247335574649726cb000c7c0074", "lessThan": "0aabca726b43d833721034e97d99efcc8237b22a", "status": "affected", "versionType": "git"}, {"version": "84a0a2310d6de247335574649726cb000c7c0074", "lessThan": "b69004f5a6ad32da84d8aa5b23b9c0caafe6252e", "status": "affected", "versionType": "git"}]}, {"product": "Linux", "vendor": "Linux", "defaultStatus": "affected", "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git", "programFiles": ["drivers/net/ethernet/mellanox/mlx5/core/en/xdp.c"], "versions": [{"version": "5.3", "status": "affected"}, {"version": "0", "lessThan": "5.3", "status": "unaffected", "versionType": "semver"}, {"version": "6.12.94", "lessThanOrEqual": "6.12.*", "status": "unaffected", "versionType": "semver"}, {"version": "6.18.36", "lessThanOrEqual": "6.18.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.0.13", "lessThanOrEqual": "7.0.*", "status": "unaffected", "versionType": "semver"}, {"version": "7.1", "lessThanOrEqual": "*", "status": "unaffected", "versionType": "original_commit_for_fix"}]}], "cpeApplicability": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.12.94"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "6.18.36"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "7.0.13"}, {"vulnerable": true, "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "versionStartIncluding": "5.3", "versionEndExcluding": "7.1"}]}]}], "references": [{"url": "https://git.kernel.org/stable/c/7b3eeba50fbc3b45f279037c29a87a90e8bac1e1"}, {"url": "https://git.kernel.org/stable/c/2789b74ae1f4b68333c9d5eec2f3354d07b16e61"}, {"url": "https://git.kernel.org/stable/c/0aabca726b43d833721034e97d99efcc8237b22a"}, {"url": "https://git.kernel.org/stable/c/b69004f5a6ad32da84d8aa5b23b9c0caafe6252e"}], "title": "net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure", "x_generator": {"engine": "bippy-1.2.0"}}}}

{}

{}

{"bugzilla": {"description": "kernel: net/mlx5e: xsk: Fix DMA and xdp_frame leak on XDP_TX xmit failure", "id": "2492707", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2492707"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.5", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "status": "draft"}, "cwe": "CWE-772", "details": ["A flaw was found in the Linux kernel's mlx5e driver. When an XDP (eXpress Data Path) transmission fails, the driver does not properly unmap DMA (Direct Memory Access) addresses or free allocated XDP frames. This oversight can lead to a continuous leak of DMA resources and XDP frames, potentially causing resource exhaustion and system instability over time."], "name": "CVE-2026-53229", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "kernel-rt", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2026-06-25T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-53229\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-53229\nhttps://lore.kernel.org/linux-cve-announce/2026062508-CVE-2026-53229-f24c@gregkh/T"], "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[84a0a2310d6de247335574649726cb000c7c0074,7b3eeba50fbc3b45f279037c29a87a90e8bac1e1)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[84a0a2310d6de247335574649726cb000c7c0074,2789b74ae1f4b68333c9d5eec2f3354d07b16e61)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[84a0a2310d6de247335574649726cb000c7c0074,0aabca726b43d833721034e97d99efcc8237b22a)"}}, {"platform": null, "status": "affected", "versions": {"scheme": "code_commit", "value": "[84a0a2310d6de247335574649726cb000c7c0074,b69004f5a6ad32da84d8aa5b23b9c0caafe6252e)"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}, {"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "5.3"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[0,5.3)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.12.94,7.0.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[6.18.36,6.19.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "[7.0.13,7.1.0)"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "generic", "value": "[7.1,*]"}}], "enrichment": {"confidence": 99.0, "confidence_source": "inferred", "scores": [{"score": 99.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "original": {"product": "Linux", "source": "cna", "vendor": "Linux"}, "product": "linux_kernel", "vendor": "linux"}], "created": "2026-06-25T12:00:14.004897+00:00", "updated": "2026-06-28T14:45:17.250563+00:00", "vendors": ["linux", "linux$PRODUCT$linux_kernel"]}