CVE-2025-40058

Linux Kernel 6.7-6.12.53, 6.13-6.17.3, 6.18 - Denial of Service via Incoherent Page Walk Dirty Tracking

Title source: llm
STIX 2.1

Description

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging- structure memory must be coherent between the IOMMU and the CPU. In another word, if the iommu page walk is incoherent, dirty page tracking doesn't work. The Intel VT-d specification, Section 3.10 "Snoop Behavior" states: "Remapping hardware encountering the need to atomically update A/EA/D bits in a paging-structure entry that is not snooped will result in a non- recoverable fault." To prevent an IOMMU from being incorrectly configured for dirty page tracking when it is operating in an incoherent mode, mark SSADS as supported only when both ecap_slads and ecap_smpwc are supported.

Scores

EPSS 0.0019
EPSS Percentile 9.3%

Details

Status published
Products (10)
linux/Kernel 6.13.0 - 6.17.3linux
linux/Kernel 6.7.0 - 6.12.53linux
Linux/Linux < 6.7
Linux/Linux 6.12.53 - 6.12.*
Linux/Linux 6.17.3 - 6.17.*
Linux/Linux 6.18
Linux/Linux 6.7
Linux/Linux f35f22cc760eb2c7034bf53251399685d611e03f - 57f55048e564dedd8a4546d018e29d6bbfff0a7e
Linux/Linux f35f22cc760eb2c7034bf53251399685d611e03f - 8d096ce0e87bdc361f0b25d7943543bc53aa0b9e
Linux/Linux f35f22cc760eb2c7034bf53251399685d611e03f - ebe16d245a00626bb87163862a1b07daf5475a3e
Published Oct 28, 2025
Tracked Since Feb 18, 2026