{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-53217","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2026-06-09T07:44:35.392Z","datePublished":"2026-06-25T08:39:20.186Z","dateUpdated":"2026-06-28T06:40:31.101Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-06-28T06:40:31.101Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\nnet: mvpp2: sync RX data at the hardware packet offset\n\nmvpp2 programs the RX queue packet offset, so hardware writes received\ndata at dma_addr + MVPP2_SKB_HEADROOM. The current CPU sync starts at\ndma_addr and only covers rx_bytes + MVPP2_MH_SIZE bytes, which syncs the\nunused headroom and misses the same number of bytes at the packet tail.\n\nOn non-coherent DMA systems this can leave the CPU reading stale cache\ncontents for the end of the received frame.\n\nUse dma_sync_single_range_for_cpu() with MVPP2_SKB_HEADROOM as the range\noffset so the sync covers the Marvell header and packet data actually\nwritten by hardware."}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L","baseScore":8.6,"baseSeverity":"HIGH"}}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"],"versions":[{"version":"e1921168bbd4810de4197446e52f652cd0dd9541","lessThan":"60412bdd1b2576659eac23a23d2d9ff96228a643","status":"affected","versionType":"git"},{"version":"e1921168bbd4810de4197446e52f652cd0dd9541","lessThan":"19f8bc139e9b149d1e5bf75ae761d1bb8dd3e7d8","status":"affected","versionType":"git"},{"version":"e1921168bbd4810de4197446e52f652cd0dd9541","lessThan":"a3ad9b5767c89531fc7dae951b51b0933dcf7051","status":"affected","versionType":"git"},{"version":"e1921168bbd4810de4197446e52f652cd0dd9541","lessThan":"bede0f481b9137d73d1cf64309cbe4b94818a5d6","status":"affected","versionType":"git"},{"version":"e1921168bbd4810de4197446e52f652cd0dd9541","lessThan":"23548007b3c66d628fc7d6b80d1e23be04ea10d9","status":"affected","versionType":"git"},{"version":"e1921168bbd4810de4197446e52f652cd0dd9541","lessThan":"a13199fa224e9f776f4005d5037df03aa9ea8f37","status":"affected","versionType":"git"},{"version":"e1921168bbd4810de4197446e52f652cd0dd9541","lessThan":"e302206ad84a407a7e5f3f6fe767ff5efaace689","status":"affected","versionType":"git"},{"version":"e1921168bbd4810de4197446e52f652cd0dd9541","lessThan":"180235600934bef6add3be637c296d6cf3272e67","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/net/ethernet/marvell/mvpp2/mvpp2_main.c"],"versions":[{"version":"5.5","status":"affected"},{"version":"0","lessThan":"5.5","status":"unaffected","versionType":"semver"},{"version":"5.10.259","lessThanOrEqual":"5.10.*","status":"unaffected","versionType":"semver"},{"version":"5.15.210","lessThanOrEqual":"5.15.*","status":"unaffected","versionType":"semver"},{"version":"6.1.176","lessThanOrEqual":"6.1.*","status":"unaffected","versionType":"semver"},{"version":"6.6.143","lessThanOrEqual":"6.6.*","status":"unaffected","versionType":"semver"},{"version":"6.12.94","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.18.36","lessThanOrEqual":"6.18.*","status":"unaffected","versionType":"semver"},{"version":"7.0.13","lessThanOrEqual":"7.0.*","status":"unaffected","versionType":"semver"},{"version":"7.1","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.10.259"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"5.15.210"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.1.176"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.6.143"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.12.94"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"6.18.36"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"7.0.13"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"5.5","versionEndExcluding":"7.1"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/60412bdd1b2576659eac23a23d2d9ff96228a643"},{"url":"https://git.kernel.org/stable/c/19f8bc139e9b149d1e5bf75ae761d1bb8dd3e7d8"},{"url":"https://git.kernel.org/stable/c/a3ad9b5767c89531fc7dae951b51b0933dcf7051"},{"url":"https://git.kernel.org/stable/c/bede0f481b9137d73d1cf64309cbe4b94818a5d6"},{"url":"https://git.kernel.org/stable/c/23548007b3c66d628fc7d6b80d1e23be04ea10d9"},{"url":"https://git.kernel.org/stable/c/a13199fa224e9f776f4005d5037df03aa9ea8f37"},{"url":"https://git.kernel.org/stable/c/e302206ad84a407a7e5f3f6fe767ff5efaace689"},{"url":"https://git.kernel.org/stable/c/180235600934bef6add3be637c296d6cf3272e67"}],"title":"net: mvpp2: sync RX data at the hardware packet offset","x_generator":{"engine":"bippy-1.2.0"}}}}