Impact
The vulnerability resides in the Linux kernel’s IOMMU subsystem. During device reset, a concurrent attachment to an IOMMU group can trigger a WARN_ON in __iommu_group_set_domain_nofail(), causing the group’s domain pointer to be used after it has been freed, resulting in an unchecked use‑after‑free. This flaw could allow a local attacker with the ability to trigger or observe device reset operations to corrupt kernel memory and potentially achieve arbitrary code execution or privilege escalation.
Affected Systems
The issue affects any system running a version of the Linux kernel that has not applied the upstream fix referenced by the commit logs. It applies to all Linux kernel builds, including those used in desktop, server, and embedded environments. As the vulnerability is in core kernel code, no specific distribution version is singled out; all installations that have not yet incorporated the patch are potentially affected.
Risk and Exploitability
The CVSS score of 8.8 indicates a high severity vulnerability, and the EPSS score of <1% suggests a low probability of exploitation in the wild. The flaw is not listed in CISA’s KEV catalog. Based on the description, the likely attack vector involves local or privileged actions that trigger device resets, which would need to occur before the kernel recovers. Because the bug requires such privileged access, the risk is limited to systems where an attacker can attain these privileges, and the narrow exploitation window reduces the real‑world threat.
OpenCVE Enrichment