CVE-2025-68760
N/A
Summary
In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show
In iommu_mmio_write(), it validates the user-provided offset with the
check: iommu->dbg_mmio_offset > iommu->mmio_phys_end - 4.
This assumes a 4-byte access. However, the corresponding
show handler, iommu_mmio_show(), uses readq() to perform an 8-byte
(64-bit) read.
If a user provides an offset equal to mmio_phys_end - 4, the check
passes, and will lead to a 4-byte out-of-bounds read.
Fix this by adjusting the boundary check to use sizeof(u64), which corresponds to the size of the readq() operation.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Linux | Linux | 7a4ee419e8c144b747a8915856e91a034d7c8f34 < b959df804c33913dbfdb90750f2d693502b3d126 | affected |
| Linux | Linux | 7a4ee419e8c144b747a8915856e91a034d7c8f34 < 0ec4aaf5f3f559716a6559f3d6d9616e9470bed6 | affected |
| Linux | Linux | 7a4ee419e8c144b747a8915856e91a034d7c8f34 < a0c7005333f9a968abb058b1d77bbcd7fb7fd1e7 | affected |
| Linux | Linux | 6.17 | affected |
| Linux | Linux | 0 < 6.17 | unaffected |
| Linux | Linux | 6.17.13 <= 6.17.* | unaffected |
| Linux | Linux | 6.18.2 <= 6.18.* | unaffected |
| Linux | Linux | 6.19 <= * | unaffected |
Weaknesses
References
- https://git.kernel.org/stable/c/b959df804c33913dbfdb90750f2d693502b3d126
- https://git.kernel.org/stable/c/0ec4aaf5f3f559716a6559f3d6d9616e9470bed6
- https://git.kernel.org/stable/c/a0c7005333f9a968abb058b1d77bbcd7fb7fd1e7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.