Description
In the Linux kernel, the following vulnerability has been resolved:

iommu/riscv: Add IOTINVAL after updating DDT/PDT entries

Add riscv_iommu_iodir_iotinval() to perform required TLB and context cache
invalidations after updating DDT or PDT entries, as mandated by the RISC-V
IOMMU specification (Section 6.3.1 and 6.3.2).
Published: 2026-06-24
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability arises from omitting the required IOTINVAL call after updating Device Domain Table or Page Directory Table entries in the RISC‑V IOMMU subsystem. This omission can leave stale I/O TLB and context cache entries that may map to privileged device memory. Based on the description, it is inferred that a malicious kernel component could potentially read or modify memory regions that should have been invalidated, allowing possible elevation of privileges or corruption of protected resources. The vulnerability description does not explicitly state that unprivileged users can exploit the flaw.

Affected Systems

The Linux kernel for RISC‑V architectures, particularly those that enable the IOMMU subsystem. All builds running on RISC‑V CPUs that enable IOMMU support are potentially affected if they contain the older code path lacking the IOTINVAL invocation. Kernels that do not yet include the commit adding the required invalidation routine remain at risk.

Risk and Exploitability

The EPSS score is less than 1% and the vulnerability is not listed in the CISA KEV catalog, suggesting that exploitation at present is considered unlikely. It is inferred that the most realistic attack scenario involves a local kernel‑level adversary or a compromised device driver that can modify DDT or PDT entries. In that situation the failure to perform IOTINVAL could allow access to stale mappings, leading to confidentiality, integrity or availability impacts. The overall risk is therefore moderate: the probability of exploitation is low, but the potential impact could be significant if the flaw were leveraged. The CVSS score of 8.8 indicates high severity for this vulnerability.

Generated by OpenCVE AI on June 28, 2026 at 14:30 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest Linux kernel update that incorporates the IOTINVAL patch to the IOMMU code.
  • If the system cannot be updated immediately, disable IOMMU support for devices that do not require it to reduce the attack surface.
  • Alternatively, backport the specific commit that adds the missing IOTINVAL call to the current kernel source and rebuild the kernel.

Generated by OpenCVE AI on June 28, 2026 at 14:30 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 28 Jun 2026 08:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H'}


Fri, 26 Jun 2026 06:00:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Fri, 26 Jun 2026 00:15:00 +0000


Wed, 24 Jun 2026 19:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-284

Wed, 24 Jun 2026 17:15:00 +0000

Type Values Removed Values Added
Description In the Linux kernel, the following vulnerability has been resolved: iommu/riscv: Add IOTINVAL after updating DDT/PDT entries Add riscv_iommu_iodir_iotinval() to perform required TLB and context cache invalidations after updating DDT or PDT entries, as mandated by the RISC-V IOMMU specification (Section 6.3.1 and 6.3.2).
Title iommu/riscv: Add IOTINVAL after updating DDT/PDT entries
First Time appeared Linux
Linux linux Kernel
CPEs cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Vendors & Products Linux
Linux linux Kernel
References

Subscriptions

Linux Linux Kernel
cve-icon MITRE

Status: PUBLISHED

Assigner: Linux

Published:

Updated: 2026-06-28T06:38:48.750Z

Reserved: 2026-06-09T07:44:35.381Z

Link: CVE-2026-53057

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

Severity :

Publid Date: 2026-06-24T00:00:00Z

Links: CVE-2026-53057 - Bugzilla

cve-icon OpenCVE Enrichment

Updated: 2026-06-28T14:45:17Z

Weaknesses
  • CWE-524

    Use of Cache Containing Sensitive Information