Impact
The vulnerability arises from the clone_alias() function in the Linux iommu/amd subsystem incorrectly assuming its first argument is always the original device pointer. When called through pci_for_each_dma_alias(), the function may receive an alias device pointer instead of the original. As a result, the device identifier used to copy the Device Table Entry (DTE) can be wrong, leading to stale or incorrect DTE entries being propagated to alias devices. Based on the description, it is inferred that a malicious driver or device could potentially misdirect device memory mappings, which could lead to privilege escalation or denial of service, although this effect is not explicitly documented in the CVE data.
Affected Systems
All Linux kernel versions that include the iommu/amd module are affected up until the commit that fixes clone_alias(). The fix is present in kernel releases after the commit identified by the patch URLs provided, so any distribution using a kernel older than those updates should be considered vulnerable. No specific vendor or distribution is singled out, but any system that loads the iommu/amd driver is potentially impacted.
Risk and Exploitability
The CVSS score is 8.8 and the EPSS score is < 1%, and the vulnerability is not listed in CISA KEV. The likelihood of exploitation is uncertain because the attack vector is not explicitly documented. Based on the description, the attack vector could be local where an attacker interacts with the kernel through controlling or injecting a device driver or hardware alias. This is an inference and may not be realized without further evidence. The risk level is moderate, but environments where kernel integrity and device isolation are critical should consider the potential impact.
OpenCVE Enrichment