CVE-2026-43220

Severity: Medium · CVSS 3.1 base score: 5.5 · EPSS: 2.8%
Published May 6, 2026 · Last modified Jun 17, 2026

Description

In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: serialize sequence allocation under concurrent TLB invalidations

With concurrent TLB invalidations, completion wait randomly gets timed out because cmd_sem_val was incremented outside the IOMMU spinlock, allowing CMD_COMPL_WAIT commands to be queued out of sequence and breaking the ordering assumption in wait_on_sem(). Move the cmd_sem_val increment under iommu->lock so completion sequence allocation is serialized with command queuing.

And remove the unnecessary return.
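The ordering problem described above can be reproduced with a deterministic user-space model. This is an added example, not code from the kernel or from the patch: the struct, the helper names and the waiter rule (a waiter is satisfied once the semaphore is greater than or equal to its own value) are assumptions of the model, and the waiter is taken to poll only after both completions have been written.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified model, not kernel code. Field names follow the advisory text. */
struct iommu_model {
    uint64_t cmd_sem_val; /* last completion sequence number handed out */
    uint64_t queue[4];    /* CMD_COMPL_WAIT values, in command-queue order */
    int tail;
};
/* Vulnerable shape: the sequence number is taken before the lock is held. */
static uint64_t alloc_seq_unlocked(struct iommu_model *m) { return ++m->cmd_sem_val; }
/* Stands for queuing a command while holding iommu->lock. */
static void queue_locked(struct iommu_model *m, uint64_t seq) { m->queue[m->tail++] = seq; }
/* Fixed shape: allocation and queuing share one critical section. */
static uint64_t alloc_and_queue_locked(struct iommu_model *m)
{
    uint64_t seq = ++m->cmd_sem_val;
    queue_locked(m, seq);
    return seq;
}
/* Assumption: hardware completes in queue order and stores each value to the
 * semaphore; a waiter is satisfied once the semaphore is >= its own value.
 * Counts waiters that poll after all stores and still see a smaller value. */
static int stranded_waiters(const struct iommu_model *m)
{
    uint64_t sem = 0;
    int stranded = 0;
    for (int i = 0; i < m->tail; i++) sem = m->queue[i];
    for (int i = 0; i < m->tail; i++) stranded += (sem < m->queue[i]);
    return stranded;
}

int run_unserialized(void)
{
    struct iommu_model m = {0};
    uint64_t a = alloc_seq_unlocked(&m); /* CPU A takes 1 */
    uint64_t b = alloc_seq_unlocked(&m); /* CPU B takes 2 */
    queue_locked(&m, b);                 /* B wins the lock first */
    queue_locked(&m, a);                 /* queue order is now 2, 1 */
    return stranded_waiters(&m);
}
int run_serialized(void)
{
    struct iommu_model m = {0};
    alloc_and_queue_locked(&m); /* whoever holds the lock gets the next number */
    alloc_and_queue_locked(&m);
    return stranded_waiters(&m);
}

int main(void) { printf("%d %d\n", run_unserialized(), run_serialized()); return 0; }
```

In the unserialized run the waiter holding the higher sequence number is left behind a semaphore that ended on the lower one, which corresponds to the completion-wait timeout; with allocation under the lock, queue order and sequence order cannot diverge.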

CVSS Details

Base Score 5.5
Exploitability 1.8
Impact 3.6
Vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Unchanged
Confidentiality None
Integrity None
Availability High

Threat Intelligence

EPSS Exploit Probability
2.8% percentile
Exploit & Patch Status
No Known Exploit
Patch Available

Affected Products 2

Vendor  Product       Version  Range
linux   linux_kernel  *        ≥6.6.128 – <6.7
linux   linux_kernel  *        ≥6.12.75 – <6.13

References 5

  • git.kernel.org https://git.kernel.org/stable/c/48caa7542a795c9679ec1bd1bc2592e05a7369a4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5000ce7fcb31067566a1a1a2e5b5bbff93625242
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9e249c48412828e807afddc21527eb734dc9bd3d
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/d51bf43193b1e95dc4e34e540dc76e19def2ae5a
  • git.kernel.org https://git.kernel.org/stable/c/fca7aa0264ae99e5ff287d0ced5af0b82b121c4f

Remediation

  • git.kernel.org https://git.kernel.org/stable/c/48caa7542a795c9679ec1bd1bc2592e05a7369a4
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/5000ce7fcb31067566a1a1a2e5b5bbff93625242
    Patch
  • git.kernel.org https://git.kernel.org/stable/c/9e249c48412828e807afddc21527eb734dc9bd3d
    Patch