IOMMU Vulnerability in Linux Kernel affecting MSI Interrupts
CVE-2025-38062
What is CVE-2025-38062?
In the Linux kernel, a vulnerability exists in the handling of MSI message addresses because the IRQ layer provides no locking around them. The issue arises in the two-step IOMMU translation process for MSI interrupts: a cookie pointer is stored in the MSI descriptor in the first step and used in the second, with nothing ensuring that it remains valid in between. This can lead to use-after-free (UAF) conditions, particularly when the IOMMU domain can be changed dynamically during VFIO operations. The fix eliminates the cookie pointer and stores the translated IOVA address directly in the MSI descriptor, so the descriptor no longer holds a pointer whose validity is not guaranteed.
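The design change described above, as an added user-space C model (not the kernel's code; every struct, function and field name and all sample addresses are constructed for illustration, and a shift of zero meaning "no translation" is an assumption of the model). The descriptor keeps the translated IOVA by value, so composing the message after the domain's mapping has been freed never dereferences domain-owned memory.

```c
#include <stdint.h>
#include <stdlib.h>
/* User-space model; all names here are hypothetical, not kernel APIs. */
struct msi_page { uint64_t phys, iova; };          /* owned by the IOMMU domain */
struct msi_msg  { uint32_t address_lo, address_hi; };

/* Descriptor after the fix described above: the translation is held by
 * value (page frame + shift), not as a pointer into domain-owned memory. */
struct model_desc { uint64_t iova_pfn; unsigned shift; };

/* Step 1: record the translated address while the mapping is still valid. */
static void model_prepare(struct model_desc *d, const struct msi_page *pg,
                          unsigned shift)
{
    d->iova_pfn = pg->iova >> shift;
    d->shift = shift;
}

/* Step 2: compose the message later. Nothing domain-owned is dereferenced,
 * so a domain change between the two steps cannot leave a dangling pointer. */
static void model_compose(const struct model_desc *d, uint64_t doorbell,
                          struct msi_msg *msg)
{
    uint64_t addr = doorbell;                       /* untranslated default */
    if (d->shift) {
        uint64_t mask = (1ULL << d->shift) - 1;     /* offset inside the page */
        addr = (d->iova_pfn << d->shift) | (doorbell & mask);
    }
    msg->address_hi = (uint32_t)(addr >> 32);
    msg->address_lo = (uint32_t)addr;
}

/* Constructed scenario: the domain's page is freed between step 1 and 2. */
static uint64_t model_run(void)
{
    struct model_desc d = {0};
    struct msi_msg msg;
    struct msi_page *pg = malloc(sizeof(*pg));
    if (!pg) return 0;
    pg->phys = 0x08020000ULL;                       /* constructed values */
    pg->iova = 0x1fff0000ULL;
    uint64_t doorbell = pg->phys + 0x40;
    model_prepare(&d, pg, 12);
    free(pg);                                       /* domain torn down */
    model_compose(&d, doorbell, &msg);              /* uses stored value only */
    return ((uint64_t)msg.address_hi << 32) | msg.address_lo;
}
int main(void) { return model_run() == 0x1fff0040ULL ? 0 : 1; }
```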
Affected Version(s)
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2
Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 53f42776e435f63e5f8e61955e4c205dbfeaf524