CVE-2025-38625

Summary

In the Linux kernel, the following vulnerability has been resolved:

vfio/pds: Fix missing detach_ioas op

When CONFIG_IOMMUFD is enabled and a device is bound to the pds_vfio_pci driver, the following WARN_ON() trace is seen and probe fails:

WARNING: CPU: 0 PID: 5040 at drivers/vfio/vfio_main.c:317 __vfio_register_dev+0x130/0x140 [vfio] <…> pds_vfio_pci 0000:08:00.1: probe with driver pds_vfio_pci failed with error -22

This is because the driver's vfio_device_ops.detach_ioas isn't set.

Fix this by using the generic vfio_iommufd_physical_detach_ioas function.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux38fe3975b4c2c5eeefb543e09f9620da18b0d069 < 7dbfae90c5a33f6b694e7068bc9522cc2655373daffected
LinuxLinux38fe3975b4c2c5eeefb543e09f9620da18b0d069 < 1df8150ab4cc422bddfbd312d6758c50b688a971affected
LinuxLinux38fe3975b4c2c5eeefb543e09f9620da18b0d069 < b265dff9fcf047f660976a5c92c83e7c414a2d95affected
LinuxLinux38fe3975b4c2c5eeefb543e09f9620da18b0d069 < 88b962fbd0ac30a65d2869c68d2f145be46ebe4daffected
LinuxLinux38fe3975b4c2c5eeefb543e09f9620da18b0d069 < fe24d5bc635e103a517ec201c3cb571eeab8be2faffected
LinuxLinux6.6affected
LinuxLinux0 < 6.6unaffected
LinuxLinux6.6.102 <= 6.6.*unaffected
LinuxLinux6.12.42 <= 6.12.*unaffected
LinuxLinux6.15.10 <= 6.15.*unaffected
LinuxLinux6.16.1 <= 6.16.*unaffected
LinuxLinux6.17 <= *unaffected

Weaknesses

References