From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-cve-announce@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@kernel.org>
Subject: CVE-2026-53159: misc: fastrpc: fix DMA address corruption due to find_vma misuse
Date: Thu, 25 Jun 2026 09:40:07 +0100
Message-ID: <2026062549-CVE-2026-53159-d6fc@gregkh>

From: Greg Kroah-Hartman <gregkh@kernel.org>

Description
===========

In the Linux kernel, the following vulnerability has been resolved:

misc: fastrpc: fix DMA address corruption due to find_vma misuse

fastrpc_get_args() uses find_vma() to look up the VMA for a user-provided
pointer and compute a DMA address offset. When the address falls in a gap
before the returned VMA, (ptr & PAGE_MASK) - vma->vm_start underflows,
corrupting the DMA address sent to the DSP.

Replace find_vma() with vma_lookup(), which returns NULL when the address
is not contained within any VMA.

The Linux kernel CVE team has assigned CVE-2026-53159 to this issue.
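
The find_vma()/vma_lookup() difference described above, as an added userspace model (not the kernel patch and not part of this advisory). The VMA layout, the DMA base and the helper names are constructed for illustration, and treating a NULL lookup as a rejected pointer is an assumption of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SIZE 4096ULL
#define PAGE_MASK (~(PAGE_SIZE - 1))
#define NO_VMA    UINT64_MAX  /* model's "lookup failed, reject the pointer" */

/* Minimal stand-in for struct vm_area_struct: covers [vm_start, vm_end). */
struct vma { uint64_t vm_start, vm_end; };

/* Constructed address space: two mappings with an unmapped gap between them. */
static const struct vma vmas[] = { { 0x10000, 0x12000 }, { 0x20000, 0x24000 } };

/* find_vma() semantics: first VMA with addr < vm_end; it may start above addr. */
static const struct vma *model_find_vma(uint64_t addr)
{
    for (size_t i = 0; i < sizeof(vmas) / sizeof(vmas[0]); i++)
        if (addr < vmas[i].vm_end)
            return &vmas[i];
    return NULL;
}

/* vma_lookup() semantics: NULL unless the VMA actually contains addr. */
static const struct vma *model_vma_lookup(uint64_t addr)
{
    const struct vma *v = model_find_vma(addr);
    return (v && addr >= v->vm_start) ? v : NULL;
}

/* The advisory's offset expression, added to a (constructed) DMA base. */
static uint64_t apply_offset(const struct vma *v, uint64_t ptr, uint64_t base)
{
    return v ? base + ((ptr & PAGE_MASK) - v->vm_start) : NO_VMA;
}

uint64_t dma_with_find_vma(uint64_t ptr, uint64_t base)   { return apply_offset(model_find_vma(ptr), ptr, base); }
uint64_t dma_with_vma_lookup(uint64_t ptr, uint64_t base) { return apply_offset(model_vma_lookup(ptr), ptr, base); }

int main(void)
{
    const uint64_t base = 0x80000000ULL;          /* constructed DMA base */
    const uint64_t ptrs[] = { 0x21010, 0x15008 }; /* inside a VMA, in the gap */
    for (size_t i = 0; i < 2; i++)
        printf("ptr=%#llx find_vma=%#llx vma_lookup=%#llx\n",
               (unsigned long long)ptrs[i],
               (unsigned long long)dma_with_find_vma(ptrs[i], base),
               (unsigned long long)dma_with_vma_lookup(ptrs[i], base));
    return 0;
}
```

For the pointer in the gap, the find_vma() path wraps the unsigned subtraction and yields an address below the DMA base, while the vma_lookup() path returns no VMA at all.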


Affected and fixed versions
===========================

	Issue introduced in 5.2 with commit 80f3afd72bd4149c57daf852905476b43bb47647 and fixed in 5.15.210 with commit 2d0f47e27c1fa718b29c69aa7c96a2c5161bc2c2
	Issue introduced in 5.2 with commit 80f3afd72bd4149c57daf852905476b43bb47647 and fixed in 6.1.176 with commit 708c17b52c60fe7a57e73b495bdee50f58feb48c
	Issue introduced in 5.2 with commit 80f3afd72bd4149c57daf852905476b43bb47647 and fixed in 6.6.143 with commit d3e26df2e8eb361e6bef096b2fd565476a1f14c4
	Issue introduced in 5.2 with commit 80f3afd72bd4149c57daf852905476b43bb47647 and fixed in 6.12.94 with commit e69e306a4cccb40a73511350cb280825a556ce3c
	Issue introduced in 5.2 with commit 80f3afd72bd4149c57daf852905476b43bb47647 and fixed in 6.18.36 with commit 53e06f8a3c2b085c31bf1284e2ebcb8036e99625
	Issue introduced in 5.2 with commit 80f3afd72bd4149c57daf852905476b43bb47647 and fixed in 7.0.13 with commit 7ba7b30ddb04646d4d638f4d8c4718a304bbbddd
	Issue introduced in 5.2 with commit 80f3afd72bd4149c57daf852905476b43bb47647 and fixed in 7.1 with commit 464c6ad2aa16e1e1df9d559289199356493d1e00
	Issue introduced in 5.1.6 with commit 954edc466128479872731d06f026d0e71840d153

Please see https://www.kernel.org for a full list of kernel versions
currently supported by the kernel community.

Unaffected versions might change over time as fixes are backported to
older supported kernel versions.  The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2026-53159
will be updated if fixes are backported.  Please check it for the most
up-to-date information about this issue.


Affected files
==============

The file(s) affected by this issue are:
	drivers/misc/fastrpc.c


Mitigation
==========

The Linux kernel CVE team recommends that you update to the latest
stable kernel version for this, and many other bugfixes.  Individual
changes are never tested alone, but rather are part of a larger kernel
release.  Cherry-picking individual commits is not recommended or
supported by the Linux kernel community at all.  If, however, updating
to the latest release is impossible, the individual changes to resolve
this issue can be found at these commits:
	https://git.kernel.org/stable/c/2d0f47e27c1fa718b29c69aa7c96a2c5161bc2c2
	https://git.kernel.org/stable/c/708c17b52c60fe7a57e73b495bdee50f58feb48c
	https://git.kernel.org/stable/c/d3e26df2e8eb361e6bef096b2fd565476a1f14c4
	https://git.kernel.org/stable/c/e69e306a4cccb40a73511350cb280825a556ce3c
	https://git.kernel.org/stable/c/53e06f8a3c2b085c31bf1284e2ebcb8036e99625
	https://git.kernel.org/stable/c/7ba7b30ddb04646d4d638f4d8c4718a304bbbddd
	https://git.kernel.org/stable/c/464c6ad2aa16e1e1df9d559289199356493d1e00
