Description
In the Linux kernel, the following vulnerability has been resolved:

iommu/riscv: Add IOTINVAL after updating DDT/PDT entries

Add riscv_iommu_iodir_iotinval() to perform required TLB and context cache
invalidations after updating DDT or PDT entries, as mandated by the RISC-V
IOMMU specification (Section 6.3.1 and 6.3.2).
Published: 2026-06-24
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The kernel lacks a required instruction to perform I/O TLB and context cache invalidations after updating the DDT or PDT entries, as mandated by the RISC‑V IOMMU specification. Because stale entries may continue to be used, privileged processes could read or write memory that should belong to other contexts, leading to data leak or corruption. The missing cache clean also opens the possibility for a privileged user to maintain an outdated mapping that enables escalation or unauthorized access to restricted device memory.

Affected Systems

All RISC‑V implementations of the Linux kernel that employ IOMMU support are impacted, including those distributed by major vendors. The vulnerability is introduced in kernels that do not contain the commit adding the iommu_iotinval call; any kernel version prior to the reference commit present in the Linux repository is affected.

Risk and Exploitability

No EPSS score is currently available and the vulnerability is not listed in CISA’s KEV catalog, suggesting that active exploitation is not widespread. However, the missing invalidation could be leveraged by a local attacker with kernel privileges, or by an exploited device driver to gain higher access. The potential impact on confidentiality, integrity, and availability is serious, although the probability of exploitation remains uncertain at this time.

Generated by OpenCVE AI on June 24, 2026 at 19:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Linux kernel to a version that includes the IOTINVAL patch (commit 3f917d9bff68600f77561900f3145bd4706dc840).
  • If an immediate kernel upgrade is not feasible, restrict I/O device access by disabling IOMMU usage or limiting IOMMU groups for untrusted devices to mitigate the risk of stale translations.
  • Apply the patch manually by cherry‑picking or backporting the relevant commit to the current kernel source tree and rebuilding the kernel.

Generated by OpenCVE AI on June 24, 2026 at 19:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Wed, 24 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Add IOTINVAL after updating DDT/PDT entries Add riscv_iommu_iodir_iotinval() to perform required TLB and context cache invalidations after updating DDT or PDT entries, as mandated by the RISC-V IOMMU specification (Section 6.3.1 and 6.3.2).
Title iommu/riscv: Add IOTINVAL after updating DDT/PDT entries
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-24T16:30:02.571Z

Reserved: 2026-06-09T07:44:35.381Z

Link: CVE-2026-53057

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-24T19:30:08Z

Weaknesses