Impact
The Linux kernel contains an integer overflow when handling the IOMMU invalidation path on RISC‑V architectures. A sign‑extended page table may reach ULONG_MAX, and adding one to this value overflows, causing the internal loop that walks the table to spin indefinitely. The resulting infinite loop can lock up the kernel thread that performs the invalidation, effectively denying service to all processes that rely on IOMMU operations. The weakness is an integer overflow, classified as CWE-190.
Affected Systems
Linux kernel running on RISC‑V hardware that uses the IOMMU subsystemextended page tables. The vulnerability exists in any kernel version that predates the patch applied in the commits listed in the references; the fix was merged but no specific release number is provided.
Risk and Exploitability
The CVSS score is not supplied, and EPSS is not available, but the lack of a KEV listing indicates limited known exploitation. Nevertheless, the infinite loop can be triggered by any operation that requires IOMMU invalidation, which a privileged user could influence or an attacker controlling a device could exploit. The risk is medium to high for impacted systems, especially if the IOMMU is actively used. No public exploit is reported, yet the kernel path that contains the overflow is a local‑privilege or device‑level trigger.
OpenCVE Enrichment