Description
In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: move wait_on_sem() out of spinlock

With iommu.strict=1, the existing completion wait path can cause soft
lockups under stressed environment, as wait_on_sem() busy-waits under the
spinlock with interrupts disabled.

Move the completion wait in iommu_completion_wait() out of the spinlock.
wait_on_sem() only polls the hardware-updated cmd_sem and does not require
iommu->lock, so holding the lock during the busy wait unnecessarily
increases contention and extends the time with interrupts disabled.
Published: 2026-05-06
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The fault in iommu/amd causes the kernel to hold a spinlock while busy‑waiting for a semaphore, keeping interrupts disabled and the lock held for an extended period. This behavior, identified as a concurrency mis‑management flaw (CWE‑413) and critical resource contention (CWE‑667), can lead to soft lock‑ups under high load or repeated wait conditions, making the system unresponsive. No code execution or privileged access is required for the issue to manifest.

Affected Systems

The vulnerability resides in the Linux kernel; it affects any Linux distribution that includes the legacy iommu implementation and has not yet applied the patch. The vendor is Linux and the product is the Linux kernel. No specific version range is listed, so any kernel build containing the unpatched iommu code is potentially vulnerable.

Risk and Exploitability

The CVSS score is 7.5, with an EPSS score of < 1%, and it is not listed in the CISA KEV catalog. The likely attack vector involves generating or processing IOMMU requests that trigger the waiting path while iommu.strict=1 is set, which could be achieved by a local process or an attacker with the ability to manipulate IOMMU operations at kernel level. While the bug does not provide arbitrary code execution, it offers a straightforward denial‑of‑service path that can be exploited in environments with stressed hardware or repeated device reassignment.

Generated by OpenCVE AI on May 11, 2026 at 19:31 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the kernel to a release that incorporates the commit series fixing the waiting logic
  • If an upgrade cannot be performed immediately, rebuild the kernel by applying the patch identified in the cited commit logs
  • As a temporary mitigation, disable iommu.strict by setting "iommu.strict=0" until a kernel update or patch is applied

Generated by OpenCVE AI on May 11, 2026 at 19:31 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 11 May 2026 18:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-667

Fri, 08 May 2026 13:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}

Thu, 07 May 2026 15:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-669
CWE-737

Thu, 07 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-413
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Low

Wed, 06 May 2026 14:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-669
CWE-737

Wed, 06 May 2026 12:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: iommu/amd: move wait_on_sem() out of spinlock With iommu.strict=1, the existing completion wait path can cause soft lockups under stressed environment, as wait_on_sem() busy-waits under the spinlock with interrupts disabled. Move the completion wait in iommu_completion_wait() out of the spinlock. wait_on_sem() only polls the hardware-updated cmd_sem and does not require iommu->lock, so holding the lock during the busy wait unnecessarily increases contention and extends the time with interrupts disabled.
Title iommu/amd: move wait_on_sem() out of spinlock
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-11T22:20:58.379Z

Reserved: 2026-05-01T14:12:55.996Z

Link: CVE-2026-43253

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2026-05-06T12:16:46.033

Modified: 2026-05-11T18:40:35.057

Link: CVE-2026-43253

cve-icon Redhat

Severity : Low

Publid Date: 2026-05-06T00:00:00Z

Links: CVE-2026-43253 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-11T19:45:08Z

Weaknesses