Race Condition Vulnerability in AMD IOMMU Page Table Management
CVE-2025-39961
What is CVE-2025-39961?
A race condition has been identified in the AMD IOMMU host's page table management within the Linux kernel. This vulnerability occurs during the unmap operation when the fetch_pte() function attempts to read the page table level without proper synchronization. The issue arises when the page table level is being changed by the increase_address_space() function on one CPU core, while another core tries to read the page table level simultaneously. If this read occurs during the update, it may return an outdated value, causing the IOMMU unmap operation to fail. Such failures can lead to retries or warnings in the system log, impacting overall system stability. The update introduces a seqcount to facilitate lock-free read operations on the page table during infrequent updates, enhancing the robustness of memory management operations.
Affected Version(s)
Linux 754265bcab78a9014f0f99cd35e0d610fcd7dfa7 < 075abf0b1a958acfbea2435003d228e738e90346
Linux 754265bcab78a9014f0f99cd35e0d610fcd7dfa7
Linux 754265bcab78a9014f0f99cd35e0d610fcd7dfa7 < 7d462bdecb7d9c32934dab44aaeb7ea7d73a27a2