IOMMU Vulnerability in Linux Kernel affecting MSI Interrupts
CVE-2025-38062

Currently unrated

Key Information:

Vendor

Linux
Status
Linux
Vendor
CVE Published:
18 June 2025

What is CVE-2025-38062?

In the Linux Kernel, a vulnerability exists in the handling of MSI message addresses due to the absence of proper locking mechanisms at the IRQ layer. This issue arises during the two-step IOMMU translation process for MSI interrupts, where a cookie pointer is stored in the MSI descriptor without ensuring its validity across operations. The lack of protective measures can lead to user-after-free (UAF) conditions, particularly when the IOMMU domain can be changed dynamically during VFIO operations. The fix involves eliminating the cookie pointer and directly storing the translated IOVA address in the MSI descriptor, thereby enhancing security.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Linux ece6e6f0218b7777e650bf93728130ae6f4feb7d

Linux ece6e6f0218b7777e650bf93728130ae6f4feb7d

Linux ece6e6f0218b7777e650bf93728130ae6f4feb7d < 53f42776e435f63e5f8e61955e4c205dbfeaf524

References

https://git.kernel.org/stable/c/e4d3763223c7b72ded5342520...
https://git.kernel.org/stable/c/ba41e4e627db51d914444aee0...
https://git.kernel.org/stable/c/53f42776e435f63e5f8e61955...

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.