Impact
The kernel flaw is an ordering bug (a race) between the CPU cache flush of a freshly allocated, zero‑initialised PASID table and the write that installs that table into the PASID directory. On an IOMMU whose table walks do not snoop the CPU cache, the zeros written by the CPU can still sit in the cache when the directory entry becomes visible, so the hardware reads whatever stale, non‑zero data was previously in that memory rather than the zeroed table. If a device uses the table in this window, it may be handed an incorrect set of page tables and access memory it is not permitted to read or write. A malicious device or driver could thereby bypass the DMA isolation the IOMMU is meant to enforce between devices, guests and the host, potentially leading to privilege escalation or denial of service.
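To make the ordering concrete, the following is an added simulation written for this page, not kernel code and not the patch itself. It models a non‑coherent IOMMU as a reader that walks "DRAM" directly while CPU stores land in a write‑back "cache" until an explicit flush, and contrasts the buggy publish‑then‑flush order with the fixed flush‑then‑publish order. The table pool, the stale fill pattern and the function names are all assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Simplified model (assumption, not real hardware): CPU writes go to a
 * write-back cache; the IOMMU reads DRAM directly and never snoops the
 * cache, so it sees CPU stores only after an explicit writeback. */

#define TABLE_ENTRIES 8
#define NUM_TABLES    4

typedef struct { uint64_t ent[TABLE_ENTRIES]; } pasid_table_t;

/* "DRAM": a pool of tables, prefilled with stale non-zero contents to
 * model memory recycled from an earlier allocation (constructed data). */
static pasid_table_t dram[NUM_TABLES];
/* "CPU cache": a dirty shadow of each table plus a dirty flag. */
static pasid_table_t cache[NUM_TABLES];
static bool cache_dirty[NUM_TABLES];

/* Single PASID directory entry: index of the installed table, -1 if none. */
static int pasid_dir = -1;

static void sim_reset(void) {
    for (int i = 0; i < NUM_TABLES; i++) {
        for (int j = 0; j < TABLE_ENTRIES; j++)
            dram[i].ent[j] = 0xDEAD0000u | (uint64_t)(i * 16 + j); /* stale */
        cache_dirty[i] = false;
    }
    pasid_dir = -1;
}

/* CPU memset(): the zeros land in the cache, not in DRAM. */
static void cpu_zero_table(int t) {
    memset(&cache[t], 0, sizeof cache[t]);
    cache_dirty[t] = true;
}

/* clflush-style writeback of the table's lines to DRAM. */
static void cpu_flush_table(int t) {
    if (cache_dirty[t]) {
        dram[t] = cache[t];
        cache_dirty[t] = false;
    }
}

/* Store the table pointer into the PASID directory (now visible to HW). */
static void cpu_publish_table(int t) { pasid_dir = t; }

/* IOMMU walk: reads the entry straight from DRAM. -1 if no table installed. */
static int64_t iommu_read_entry(int idx) {
    if (pasid_dir < 0) return -1;
    return (int64_t)dram[pasid_dir].ent[idx];
}

/* Buggy order: publish before flush. A device walking the table in the
 * window between the two steps reads stale DRAM contents. */
static uint64_t scenario_buggy(void) {
    sim_reset();
    int t = 2;
    cpu_zero_table(t);
    cpu_publish_table(t);                          /* visible to the IOMMU */
    uint64_t seen = (uint64_t)iommu_read_entry(3); /* races in here */
    cpu_flush_table(t);                            /* too late */
    return seen;                                   /* 0xDEAD0023, not 0 */
}

/* Fixed order: write the zeros back to DRAM before the directory entry
 * can be observed by the hardware. */
static uint64_t scenario_fixed(void) {
    sim_reset();
    int t = 2;
    cpu_zero_table(t);
    cpu_flush_table(t);
    cpu_publish_table(t);
    return (uint64_t)iommu_read_entry(3);          /* 0 */
}

int main(void) {
    printf("publish-then-flush: device sees 0x%llx\n",
           (unsigned long long)scenario_buggy());
    printf("flush-then-publish: device sees 0x%llx\n",
           (unsigned long long)scenario_fixed());
    return 0;
}
```

The point the model isolates is that zeroing the table is not sufficient on its own: the zeros must be written back to memory before the directory entry that points at the table becomes visible to a non‑coherent DMA master, which is exactly the ordering the kernel fix restores.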
Affected Systems
All Linux kernel releases that have not yet integrated the commit that fixes the issue. The affected‑product list contains only Linux, so any distribution kernel built from upstream source predating the race‑condition fix remains vulnerable. The fixing commit is referenced in the links, but no explicit version range is listed, so any kernel built from source before that commit should be treated as at risk.
Risk and Exploitability
No CVSS or EPSS scores are published and the vulnerability is not listed in CISA KEV, so there is no public evidence of exploitation and the likelihood currently appears moderate to low; the absence of scores is not by itself evidence of low severity. Triggering the bug requires a device performing DMA through the IOMMU with a PASID at the moment the kernel is allocating and flushing its PASID table, so an attacker needs either a malicious device or privileged code (a hypervisor, privileged driver, or insider) that can line up that timing. The narrow window and the dependence on hardware cache behaviour reduce the chance of reliable exploitation, but a successful attack yields access to unauthorized memory or system instability.
OpenCVE Enrichment