{ "threat_severity" : "Moderate", "public_date" : "2025-10-28T00:00:00Z", "bugzilla" : { "description" : "kernel: iommu/vt-d: Disallow dirty tracking if incoherent page walk", "id" : "2406776", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2406776" }, "cvss3" : { "cvss3_base_score" : "5.3", "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H", "status" : "verified" }, "cwe" : "CWE-119", "details" : [ "In the Linux kernel, the following vulnerability has been resolved:\niommu/vt-d: Disallow dirty tracking if incoherent page walk\nDirty page tracking relies on the IOMMU atomically updating the dirty bit\nin the paging-structure entry. For this operation to succeed, the paging-\nstructure memory must be coherent between the IOMMU and the CPU. In\nanother word, if the iommu page walk is incoherent, dirty page tracking\ndoesn't work.\nThe Intel VT-d specification, Section 3.10 \"Snoop Behavior\" states:\n\"Remapping hardware encountering the need to atomically update A/EA/D bits\nin a paging-structure entry that is not snooped will result in a non-\nrecoverable fault.\"\nTo prevent an IOMMU from being incorrectly configured for dirty page\ntracking when it is operating in an incoherent mode, mark SSADS as\nsupported only when both ecap_slads and ecap_smpwc are supported.", "A flaw was found in the Intel VT-d IOMMU support in the Linux kernel. When an IOMMU is configured to perform dirty-page tracking, but the page-walk memory region is incoherent between the IOMMU and CPU, the hardware may attempt to atomically update the bits in a paging-structure entry that is not properly snooped. The resulting fault could lead to a system hang and a non-recoverable state." ], "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 10", "release_date" : "2025-12-09T00:00:00Z", "advisory" : "RHSA-2025:22854", "cpe" : "cpe:/o:redhat:enterprise_linux:10.1", "package" : "kernel-0:6.12.0-124.20.1.el10_1" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-12-01T00:00:00Z", "advisory" : "RHSA-2025:22405", "cpe" : "cpe:/a:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.11.1.el9_7" }, { "product_name" : "Red Hat Enterprise Linux 9", "release_date" : "2025-12-01T00:00:00Z", "advisory" : "RHSA-2025:22405", "cpe" : "cpe:/o:redhat:enterprise_linux:9", "package" : "kernel-0:5.14.0-611.11.1.el9_7" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 8", "fix_state" : "Not affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:8" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Affected", "package_name" : "kernel-rt", "cpe" : "cpe:/o:redhat:enterprise_linux:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2025-40058\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-40058\nhttps://lore.kernel.org/linux-cve-announce/2025102815-CVE-2025-40058-0eba@gregkh/T" ], "name" : "CVE-2025-40058", "mitigation" : { "value" : "Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria, comprising ease of use and deployment, applicability to widespread installation base or stability.", "lang" : "en:us" }, "csaw" : false }