CVE-2025-40058

Summary

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Disallow dirty tracking if incoherent page walk

Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging- structure memory must be coherent between the IOMMU and the CPU. In another word, if the iommu page walk is incoherent, dirty page tracking doesn't work.

The Intel VT-d specification, Section 3.10 "Snoop Behavior" states:

"Remapping hardware encountering the need to atomically update A/EA/D bits in a paging-structure entry that is not snooped will result in a non- recoverable fault."

To prevent an IOMMU from being incorrectly configured for dirty page tracking when it is operating in an incoherent mode, mark SSADS as supported only when both ecap_slads and ecap_smpwc are supported.

Affected Software

VendorProductVersion RangeStatus
LinuxLinuxf35f22cc760eb2c7034bf53251399685d611e03f < ebe16d245a00626bb87163862a1b07daf5475a3eaffected
LinuxLinuxf35f22cc760eb2c7034bf53251399685d611e03f < 8d096ce0e87bdc361f0b25d7943543bc53aa0b9eaffected
LinuxLinuxf35f22cc760eb2c7034bf53251399685d611e03f < 57f55048e564dedd8a4546d018e29d6bbfff0a7eaffected
LinuxLinux6.7affected
LinuxLinux0 < 6.7unaffected
LinuxLinux6.12.53 <= 6.12.*unaffected
LinuxLinux6.17.3 <= 6.17.*unaffected
LinuxLinux6.18 <= *unaffected

Weaknesses

References