VYPR
Unrated severity · NVD Advisory · Published Oct 28, 2025 · Updated Apr 15, 2026

CVE-2025-40058

Description

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Disallow dirty tracking if incoherent page walk

Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging-structure memory must be coherent between the IOMMU and the CPU. In other words, if the IOMMU page walk is incoherent, dirty page tracking doesn't work.

The Intel VT-d specification, Section 3.10 "Snoop Behavior" states:

"Remapping hardware encountering the need to atomically update A/EA/D bits in a paging-structure entry that is not snooped will result in a non-recoverable fault."

To prevent an IOMMU from being incorrectly configured for dirty page tracking when it is operating in an incoherent mode, mark SSADS as supported only when both ecap_slads and ecap_smpwc are supported.
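The capability check described above, as an added user-space example (not the kernel's own code). The bit positions for the extended capability register and the scalable-mode requirement are assumptions taken from the VT-d register layout; `classify_ecap` and the enum names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Extended Capability Register bits (assumed positions, check your spec revision). */
#define ECAP_SMTS(e)  (((e) >> 43) & 0x1)  /* scalable mode translation available */
#define ECAP_SLADS(e) (((e) >> 45) & 0x1)  /* hardware can update A/D bits */
#define ECAP_SMPWC(e) (((e) >> 48) & 0x1)  /* page walk is coherent (snooped) */

enum dirty_verdict { DIRTY_UNSUPPORTED, DIRTY_OK, DIRTY_INCOHERENT };

/* Rule before the fix, as the description implies: A/D capability alone sufficed. */
static int ssads_before_fix(uint64_t ecap)
{
    return ECAP_SMTS(ecap) && ECAP_SLADS(ecap);
}

/* Rule after the fix: both ecap_slads and ecap_smpwc must be set. */
static int ssads_after_fix(uint64_t ecap)
{
    return ssads_before_fix(ecap) && ECAP_SMPWC(ecap);
}

/* Classify one IOMMU unit from its raw ecap value. */
static enum dirty_verdict classify_ecap(uint64_t ecap)
{
    if (ssads_after_fix(ecap))
        return DIRTY_OK;
    if (ssads_before_fix(ecap))
        return DIRTY_INCOHERENT;  /* the configuration the fix now rejects */
    return DIRTY_UNSUPPORTED;
}

int main(int argc, char **argv)
{
    static const char *names[] = { "no dirty tracking",
                                   "dirty tracking allowed",
                                   "A/D capable but incoherent page walk" };
    /* Constructed sample value: scalable mode + A/D support, no coherency bit. */
    uint64_t ecap = (1ULL << 43) | (1ULL << 45);

    if (argc > 1)
        ecap = strtoull(argv[1], NULL, 16);  /* hex ecap passed by the caller */
    printf("ecap=%#llx: %s\n", (unsigned long long)ecap,
           names[classify_ecap(ecap)]);
    return 0;
}
```

On a running system the raw value can be passed as the first argument, for example from `/sys/class/iommu/dmar0/intel-iommu/ecap`; a unit reported as "A/D capable but incoherent page walk" is one where an unpatched kernel would have advertised dirty tracking.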

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

In the Linux kernel, the IOMMU VT-d driver now disables dirty page tracking when the page walk is incoherent to prevent non-recoverable faults.

Vulnerability Details

The Intel VT-d IOMMU driver in the Linux kernel incorrectly allowed dirty page tracking to be enabled even when the IOMMU page walk is incoherent. Dirty page tracking relies on the IOMMU atomically updating dirty bits in paging-structure entries, which requires memory coherency between the IOMMU and CPU. The VT-d specification (Section 3.10) states that atomic updates on non-snooped entries result in a non-recoverable fault [1].

Exploitation

An attacker who can influence IOMMU configuration or trigger DMA operations that use dirty tracking could cause the IOMMU to encounter a non-recoverable fault. This requires local access or the ability to manipulate device drivers that interact with the IOMMU. No special privileges are needed beyond the ability to trigger such operations.

Impact

Successful exploitation leads to a non-recoverable fault, likely resulting in a system crash or hang, i.e., a denial of service condition.

Mitigation

The fix is included in Linux kernel commit 8d096ce0e87b, which ensures that SSADS (Scalable Mode Page Walk Coherency) is only marked as supported when both ecap_slads and ecap_smpwc are present, preventing dirty tracking on incoherent page walks [1]. Users should apply the latest kernel updates.

AI Insight generated on May 19, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
