CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-23067

In the Linux kernel, the following vulnerability has been resolved: iommu/io-pgtable-arm: fix size_t signedness bug in unmap path __arm_lpae_unmap() returns size_t but was returning -ENOENT (negative error code) when encountering an unmapped PTE. Since size_t is unsigned, -ENOENT (typically -2) becomes a huge positive value (0xFFFFFFFFFFFFFFFE on 64-bit systems). This corrupted value propagates through the call chain: __arm_lpae_unmap() returns -ENOENT as size_t -> arm_lpae_unmap_pages() returns it -> __iommu_unmap() adds it to iova address -> iommu_pgsize() triggers BUG_ON due to corrupted iova This can cause IOVA address overflow in __iommu_unmap() loop and trigger BUG_ON in iommu_pgsize() from invalid address alignment. Fix by returning 0 instead of -ENOENT. The WARN_ON already signals the error condition, and returning 0 (meaning "nothing unmapped") is the correct semantic for size_t return type. This matches the behavior of other io-pgtable implementations (io-pgtable-arm-v7s, io-pgtable-dart) which return 0 on error conditions.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 6.9%

CVSS Severity

CVSS v3 Score 5.5

References

Products affected by CVE-2026-23067

Linux » Linux Kernel » Version: 6.16

cpe:2.3:o:linux:linux_kernel:6.16
Linux » Linux Kernel » Version: 6.16.1

cpe:2.3:o:linux:linux_kernel:6.16.1
Linux » Linux Kernel » Version: 6.16.10

cpe:2.3:o:linux:linux_kernel:6.16.10
Linux » Linux Kernel » Version: 6.16.11

cpe:2.3:o:linux:linux_kernel:6.16.11
Linux » Linux Kernel » Version: 6.16.12

cpe:2.3:o:linux:linux_kernel:6.16.12
Linux » Linux Kernel » Version: 6.16.2

cpe:2.3:o:linux:linux_kernel:6.16.2
Linux » Linux Kernel » Version: 6.16.3

cpe:2.3:o:linux:linux_kernel:6.16.3
Linux » Linux Kernel » Version: 6.16.4

cpe:2.3:o:linux:linux_kernel:6.16.4
Linux » Linux Kernel » Version: 6.16.5

cpe:2.3:o:linux:linux_kernel:6.16.5
Linux » Linux Kernel » Version: 6.16.6

cpe:2.3:o:linux:linux_kernel:6.16.6
Linux » Linux Kernel » Version: 6.16.7

cpe:2.3:o:linux:linux_kernel:6.16.7
Linux » Linux Kernel » Version: 6.16.8

cpe:2.3:o:linux:linux_kernel:6.16.8
Linux » Linux Kernel » Version: 6.16.9

cpe:2.3:o:linux:linux_kernel:6.16.9
Linux » Linux Kernel » Version: 6.17

cpe:2.3:o:linux:linux_kernel:6.17
Linux » Linux Kernel » Version: 6.17.1

cpe:2.3:o:linux:linux_kernel:6.17.1
Linux » Linux Kernel » Version: 6.17.10

cpe:2.3:o:linux:linux_kernel:6.17.10
Linux » Linux Kernel » Version: 6.17.11

cpe:2.3:o:linux:linux_kernel:6.17.11
Linux » Linux Kernel » Version: 6.17.12

cpe:2.3:o:linux:linux_kernel:6.17.12
Linux » Linux Kernel » Version: 6.17.13

cpe:2.3:o:linux:linux_kernel:6.17.13
Linux » Linux Kernel » Version: 6.17.2

cpe:2.3:o:linux:linux_kernel:6.17.2
Linux » Linux Kernel » Version: 6.17.3

cpe:2.3:o:linux:linux_kernel:6.17.3
Linux » Linux Kernel » Version: 6.17.4

cpe:2.3:o:linux:linux_kernel:6.17.4
Linux » Linux Kernel » Version: 6.17.5

cpe:2.3:o:linux:linux_kernel:6.17.5
Linux » Linux Kernel » Version: 6.17.6

cpe:2.3:o:linux:linux_kernel:6.17.6
Linux » Linux Kernel » Version: 6.17.7

cpe:2.3:o:linux:linux_kernel:6.17.7
Linux » Linux Kernel » Version: 6.17.8

cpe:2.3:o:linux:linux_kernel:6.17.8
Linux » Linux Kernel » Version: 6.17.9

cpe:2.3:o:linux:linux_kernel:6.17.9
Linux » Linux Kernel » Version: 6.18

cpe:2.3:o:linux:linux_kernel:6.18
Linux » Linux Kernel » Version: 6.18.1

cpe:2.3:o:linux:linux_kernel:6.18.1
Linux » Linux Kernel » Version: 6.18.2

cpe:2.3:o:linux:linux_kernel:6.18.2
Linux » Linux Kernel » Version: 6.18.3

cpe:2.3:o:linux:linux_kernel:6.18.3
Linux » Linux Kernel » Version: 6.18.4

cpe:2.3:o:linux:linux_kernel:6.18.4
Linux » Linux Kernel » Version: 6.18.5

cpe:2.3:o:linux:linux_kernel:6.18.5
Linux » Linux Kernel » Version: 6.18.6

cpe:2.3:o:linux:linux_kernel:6.18.6
Linux » Linux Kernel » Version: 6.18.7

cpe:2.3:o:linux:linux_kernel:6.18.7
Linux » Linux Kernel » Version: 6.19

cpe:2.3:o:linux:linux_kernel:6.19

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-23067

Products

Pricing

Contact Us