Description
In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Flush cache for PASID table before using it

When writing the address of a freshly allocated zero-initialized PASID
table to a PASID directory entry, do that after the CPU cache flush for
this PASID table, not before it, to avoid the time window when this
PASID table may be already used by non-coherent IOMMU hardware while
its contents in RAM is still some random old data, not zero-initialized.
Published: 2026-05-27
Score: 7.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

In Linux kernels, a race condition in the IOMMU vt-d driver causes a freshly allocated PASID table to be written to a directory entry before a CPU cache flush completes. Because many IOMMU hardware units are non‑coherent, the device could observe stale, non‑zero contents in the PASID table while the kernel memory still holds uninitialized data. If a device accesses the table during this narrow window, it may be shown incorrect page table entries, which could allow the device to read or write memory locations it should not see. This could lead to memory corruption or escalation of the device’s privileges beyond its intended permissions—an outcome that is inferred from the description but not explicitly stated in the CVE notice. The CVSS score of 7.8 signals high severity and indicates that the vulnerability could have significant impact if exploited.

Affected Systems

All Linux kernels derived from upstream before the commit that reordered the cache‑flush and PASID directory write remain vulnerable. The CPE details indicate the entire Linux kernel family. No specific version range is listed, so any distribution using a kernel built prior to the fix is at risk.

Risk and Exploitability

The CVSS score of 7.8 signals high severity, while the EPSS score of < 1% indicates a low exploitation probability. The flaw is not listed in the CISA KEV catalog. Exploitation would require privileged control over a device or hypervisor that can trigger IOMMU passthrough and time the access against the race. Because the attack vector involves a hardware timing race, successful exploitation is non‑trivial and would typically be limited to environments with direct device access, resulting in an overall risk that is low to moderate.

Generated by OpenCVE AI on May 30, 2026 at 12:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the commit fixing the PASID cache‑flush ordering bug.
  • If a kernel upgrade cannot be performed immediately, disable or tightly restrict IOMMU passthrough for untrusted devices, thereby eliminating the race window.
  • After applying the update, reboot the system to ensure all PASID tables are recreated with proper initial state.

Generated by OpenCVE AI on May 30, 2026 at 12:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DLA Debian DLA DLA-4606-1 linux security update
History

Sat, 30 May 2026 11:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

 cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}

Thu, 28 May 2026 14:30:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Thu, 28 May 2026 12:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-821
References
Metrics threat_severity

None

 cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H'}

threat_severity

Moderate

Wed, 27 May 2026 16:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-362

Wed, 27 May 2026 14:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Flush cache for PASID table before using it When writing the address of a freshly allocated zero-initialized PASID table to a PASID directory entry, do that after the CPU cache flush for this PASID table, not before it, to avoid the time window when this PASID table may be already used by non-coherent IOMMU hardware while its contents in RAM is still some random old data, not zero-initialized.
Title iommu/vt-d: Flush cache for PASID table before using it
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-05-30T10:45:42.298Z

Reserved: 2026-05-13T15:03:33.080Z

Link: CVE-2026-45862

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-05-27T14:16:58.430

Modified: 2026-05-30T11:17:14.723

Link: CVE-2026-45862

cve-icon Redhat

Severity : Moderate

Publid Date: 2026-05-27T00:00:00Z

Links: CVE-2026-45862 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-05-30T12:30:23Z

Weaknesses
  • CWE-821

    Incorrect Synchronization