Impact
The Linux kernel VFIO‑PCI subsystem had a race condition during device shutdown: the device's function was disabled before its DMABUF resources were cleaned up. This left a brief window where a DMABUF handle could still access the function's BARs after the memory selection enable bit was cleared, allowing unauthorized read or write to hardware registers and memory that should have been sealed. The flaw effectively permits manipulation of device internals that could be leveraged to elevate privileges or destabilize the system. Based on the description, the likely attack vector involves a privileged process or driver that initiates a VFIO‑PCI device shutdown, creating the race window for exploitation.
Affected Systems
All Linux kernel versions prior to the commit sequence referenced in the CVE links are affected. The issue resides in the kernel source under the VFIO‑PCI module; updates that include the commits in the linked git URLs contain the fix. Systems running kernels that lack those changes are vulnerable.
Risk and Exploitability
The vulnerability requires an attacker with sufficient privileges to trigger a VFIO‑PCI device shutdown or to load a malicious driver that performs such a sequence. It carries a CVSS score of 8.8 indicating high severity, and an EPSS score of < 1% showing a very low probability of exploitation in the wild. The vulnerability is not listed in CISA’s KEV catalog. Because the race window is short and is mitigated once the kernel applies the patch, the risk is limited to environments where a privileged or compromised driver can exercise control over the device state. Successful exploitation could lead to privilege escalation or denial of service through hardware misbehavior.
OpenCVE Enrichment