CVE-2026-53133
In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix truncation for block sizes >= 4G When the iommu is used
CVSS
7.8
High
EPSS
0.1%
p3
KEV
—
Exploit Today
1
0-100
Published: Jun 25, 2026 · Last modified: Jul 7, 2026 · CWE-681
0.1%EPSS · 30 days0.1%
2026-06-302026-07-16
In the Linux kernel, the following vulnerability has been resolved: RDMA/umem: Fix truncation for block sizes >= 4G When the iommu is used the linearization of the mapping can give a single block that is very large split across multiple SG entries. When __rdma_block_iter_next() reassembles the split SG entries it is overflowing the 32 bit stack values and computed the wrong DMA addresses for blocks after the truncation. Use the right types to hold DMA addresses.
- git.kernel.orghttps://git.kernel.org/stable/c/15fe76e23615f502d051ef0768f86babaf08746c
- git.kernel.orghttps://git.kernel.org/stable/c/2ff4b7817e5b78070c30f5fb5e678e452a2628b3
- git.kernel.orghttps://git.kernel.org/stable/c/8fe0231adebe086c8a459c790944ac026cd99c6e
- git.kernel.orghttps://git.kernel.org/stable/c/ac1aad8e1281534ce936c250f68084fc79c5469e
- git.kernel.orghttps://git.kernel.org/stable/c/afd35fec9297195b759078745549c2671223f24f
- git.kernel.orghttps://git.kernel.org/stable/c/baf8685bcf56dc1efb44b8f6a57c42516e549068
- git.kernel.orghttps://git.kernel.org/stable/c/cc644d5608e3b0dadc970bd6e6aa26b91ea07d0f
- git.kernel.orghttps://git.kernel.org/stable/c/dee2a49adeeb2a5e16a3fc858fa21b841c519802
CVECVSSEPSSKEVRExploitTitleMod.
CVE-2026-46027.5 HIG39.2%
——12Versions of the package jsrsasign before 11.1.1 are vulnerable to Incorrect Conversion between Numeric Types due to handling negative exponents in ext/jsbn2.js. An attacker can force the computation of incorrect modular inverses and break signature verification by calling modPow with a negative exponent.2dCVE-2026-551237.8 HIG27.0%
——8Heap-based buffer overflow in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.22hCVE-2026-504027.8 HIG15.7%
——5Incorrect conversion between numeric types in Windows NTFS allows an authorized attacker to elevate privileges locally.2dCVE-2026-534666.5 MED12.5%
——4ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 6.9.13-51 and 7.1.2-26, an integer overflow in the XCF decoder can result in an out of bounds read when a crafted image is read, potentially resulting in a crash. This issue has been fixed in versions 6.9.13-51 and 7.1.2-26.15dCVE-2026-452587.8 HIG4.6%
——1dsp_mmap_single() validated the requested mapping by checking the sum of the user-supplied offset and length against the buffer size. This addition could overflow, so that a large offset and length wrapped around and passed the check. The offset was then narrowed from 64 to 32 bits when converted to a buffer address, yielding a mapping that extended past the audio buffer into unrelated kernel memory.
The /dev/dsp device nodes are world-accessible by default. On a system with an audio device, either issue allows an unprivileged local user to read and write kernel memory, which can be used to escalate privileges, potentially gaining full control of the affected system. At a minimum, an attacker can crash the kernel, resulting in a Denial of Service (DoS).16d