iommu/vt-d: Clear Present bit before tearing down context entry

MITRE NVD CVE.ORG JSON API Print: PDF PDF

Summary

CVECVE-2026-45944
StatePUBLISHED
AssignerLinux
Source PriorityCVE Program / NVD first with legacy fallback
Published2026-05-27 14:17:10 UTC
Updated2026-05-27 14:48:03 UTC
DescriptionIn the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down context entry When tearing down a context entry, the current implementation zeros the entire 128-bit entry using multiple 64-bit writes. This creates a window where the hardware can fetch a "torn" entry — where some fields are already zeroed while the 'Present' bit is still set — leading to unpredictable behavior or spurious faults. While x86 provides strong write ordering, the compiler may reorder writes to the two 64-bit halves of the context entry. Even without compiler reordering, the hardware fetch is not guaranteed to be atomic with respect to multiple CPU writes. Align with the "Guidance to Software for Invalidations" in the VT-d spec (Section 6.5.3.3) by implementing the recommended ownership handshake: 1. Clear only the 'Present' (P) bit of the context entry first to signal the transition of ownership from hardware to software. 2. Use dma_wmb() to ensure the cleared bit is visible to the IOMMU. 3. Perform the required cache and context-cache invalidation to ensure hardware no longer has cached references to the entry. 4. Fully zero out the entry only after the invalidation is complete. Also, add a dma_wmb() to context_set_present() to ensure the entry is fully initialized before the 'Present' bit becomes visible.

Vendor Declared Affected Products

SourceVendorProductVersionPlatforms
CNA Linux Linux affected ba39592764ed20cee09aae5352e603a27bf56b0d d2138abc8f0a7fce4101b7229b43b06811ed083d git Not specified
CNA Linux Linux affected ba39592764ed20cee09aae5352e603a27bf56b0d a922dbafb4a674d958d702038232d09a30daf770 git Not specified
CNA Linux Linux affected ba39592764ed20cee09aae5352e603a27bf56b0d c1e4f1dccbe9d7656d1c6872ebeadb5992d0aaa2 git Not specified
CNA Linux Linux affected 2.6.24 Not specified
CNA Linux Linux unaffected 2.6.24 semver Not specified
CNA Linux Linux unaffected 6.18.14 6.18.* semver Not specified
CNA Linux Linux unaffected 6.19.4 6.19.* semver Not specified
CNA Linux Linux unaffected 7.0 * original_commit_for_fix Not specified

References

ReferenceSourceLinkTags
git.kernel.org/stable/c/c1e4f1dccbe9d7656d1c6872ebeadb5992d0aaa2 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/d2138abc8f0a7fce4101b7229b43b06811ed083d 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
git.kernel.org/stable/c/a922dbafb4a674d958d702038232d09a30daf770 416baaa9-dc9f-4396-8d5f-8c081fb06d67 git.kernel.org
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

Free CVE JSON API cve.report/api

CVE.report and Source URL Uptime Status status.cve.report