Impact
In the Linux kernel’s iommu/vt-d subsystem a flaw was discovered where the teardown logic accesses a NULL dev_pasid pointer (CWE-476) or incorrectly decrements a reference count (CWE-416). A missing PASID can cause a null-pointer dereference or corrupt the refcount, potentially triggering a use-after-free of the domain object. The result can be a kernel panic or other denial‑of‑service condition for all devices sharing that domain. The likely attack vector requires the attacker to have control over the iommu/vt-d subsystem, such as through a user‑space program with suitable privileges or by manipulating passthrough device settings.
Affected Systems
The flaw affects the Linux kernel, specifically any configuration that enables the iommu/vt-d interface. No specific version range is listed by the CNA; the fix was applied by commit 60f030f7418d. Users of the affected kernel branch must ensure they run a version that includes this commit.
Risk and Exploitability
The CVSS score is 8.8 and the EPSS score is <1%, indicating a high‑severity flaw with a very low probability of exploitation. The vulnerability is a local kernel flaw that requires attacker control over the iommu/vt-d subsystem to trigger the faulty teardown code. The KEV status indicates it is not currently listed as a known exploited vulnerability, thus exploitation risk appears to be low.
OpenCVE Enrichment