Impact
In the Linux kernel’s VT‑d IOMMU driver, the 512‑bit Pass‑Through ID (PASID) table entry is updated via a single 512‑bit assignment. Because Intel IOMMU hardware fetches these entries in 128‑bit chunks, writing a full entry while the Present bit remains set can produce a torn read, leaving the hardware with a mix of old and new data. This concurrency race condition (CWE‑362) and the failure to clear the Present bit before updating (CWE‑366) can corrupt the hardware state, leading to spurious faults, unpredictable device behavior, or a denial of service for virtual machines and passthrough devices.
Affected Systems
Any Linux kernel build that includes the VT‑d passthrough IOMMU driver is potentially affected, including the mainline kernel and distribution kernels that have not yet incorporated the commit that removes the unsafe 512‑bit assignment. The advisory does not list specific kernel versions, so all kernel releases before the fix should be considered at risk.
Risk and Exploitability
With a CVSS score of 8.8 the vulnerability is rated high impact, but the EPSS score is reported as <1 %, indicating a very low current exploitation probability. The flaw is not listed in CISA’s KEV catalog. Attackers would need local kernel or administrative privileges to trigger a domain replacement that causes the vulnerable PASID entry replacement; therefore the attack vector is inferred to be privileged. While no active exploits are known, the combination of high CVSS and the need for privileged access suggests that applying the patch remains the safest mitigation.
OpenCVE Enrichment