Skip to main content

Linux Kernel CVE-2026-45862

| EUVDEUVD-2026-32328 HIGH
2026-05-27 416baaa9-dc9f-4396-8d5f-8c081fb06d67 GHSA-qqmx-g3hj-x9h7
7.8
CVSS 3.1 · Vendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67
Share

Severity by source

Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67) PRIMARY
7.8 HIGH
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
SUSE
HIGH
qualitative
Red Hat
5.5 MEDIUM
qualitative

Primary rating from Vendor (416baaa9-dc9f-4396-8d5f-8c081fb06d67).

CVSS VectorVendor: 416baaa9-dc9f-4396-8d5f-8c081fb06d67

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Generated
May 30, 2026 - 11:25 vuln.today
CVSS changed
May 30, 2026 - 11:22 NVD
7.8 (HIGH)
Patch available
May 27, 2026 - 19:46 EUVD
CVE Published
May 27, 2026 - 14:16 nvd
UNKNOWN (no severity yet)
CVE Published
May 27, 2026 - 14:16 nvd
HIGH 7.8

DescriptionCVE.org

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Flush cache for PASID table before using it

When writing the address of a freshly allocated zero-initialized PASID table to a PASID directory entry, do that after the CPU cache flush for this PASID table, not before it, to avoid the time window when this PASID table may be already used by non-coherent IOMMU hardware while its contents in RAM is still some random old data, not zero-initialized.

AnalysisAI

Race condition in the Linux kernel's Intel VT-d IOMMU driver allows non-coherent IOMMU hardware to read uninitialized memory from a freshly allocated PASID table because the PASID directory entry is published before the CPU cache flush completes. With CVSS 7.8 (AV:L/AC:H/PR:L) and EPSS at 0.02% (7th percentile), no public exploit identified at time of analysis, and the issue requires local privileges plus precise timing against non-coherent IOMMU hardware. The fix is included across multiple stable kernel branches.

Technical ContextAI

The Intel VT-d (Virtualization Technology for Directed I/O) driver in drivers/iommu/intel/ manages Process Address Space ID (PASID) tables, which map device DMA accesses to per-process address spaces for Shared Virtual Addressing (SVA). On platforms where the IOMMU is non-coherent with CPU caches, the kernel must perform an explicit clflush after zero-initializing a newly allocated PASID table so the hardware observes zeros instead of stale RAM contents. The bug - a classic use-before-flush ordering error in the cache-management sequence - published the directory entry pointing at the new table before the flush, creating a window where hardware could fetch pre-initialization garbage. Per CPE/EUVD data, the regression existed in mainline 6.3, the 6.1.16-6.1.165 and 5.15.103-5.15.202 stable streams, and 5.4.237-5.5 / 5.10.175-5.10.252, with no associated CWE assigned by NVD (closest mapping is CWE-665 Improper Initialization or CWE-362 Race Condition).

RemediationAI

Vendor-released patch: upgrade to Linux 5.10.252, 5.15.202, 6.1.165, 6.6.128, 6.12.75, 6.18.14, 6.19.4, or 7.0 (or a distribution kernel that has backported the fix), matching the stable series in use. The patched commits are tracked at https://git.kernel.org/stable/c/0616137b70e6d9a547d4b60df8e1b64e36d83661 and the parallel stable backports listed in the references. If immediate kernel update is not possible, compensating controls are limited because the bug is internal to Intel IOMMU initialization; on systems that do not actually require Intel VT-d PASID/SVA functionality, disabling the IOMMU via the intel_iommu=off boot parameter or disabling Shared Virtual Memory in BIOS removes the affected code path entirely at the cost of losing DMA isolation and SVA-dependent workloads (notably accelerators, SR-IOV pass-through, and confidential-VM device assignment). Restricting local privileged access generally reduces exposure given the AV:L vector.

Vendor StatusVendor

SUSE

Severity: High
Product Status
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Availability Extension 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed

Share

CVE-2026-45862 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy