CVE-2025-40058

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2025-40058
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-40058.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2025-40058
Downstream
Related
Published
2025-10-28T11:48:31Z
Modified
2025-10-28T20:23:47.105031Z
Summary
iommu/vt-d: Disallow dirty tracking if incoherent page walk
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Disallow dirty tracking if incoherent page walk

Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging- structure memory must be coherent between the IOMMU and the CPU. In another word, if the iommu page walk is incoherent, dirty page tracking doesn't work.

The Intel VT-d specification, Section 3.10 "Snoop Behavior" states:

"Remapping hardware encountering the need to atomically update A/EA/D bits in a paging-structure entry that is not snooped will result in a non- recoverable fault."

To prevent an IOMMU from being incorrectly configured for dirty page tracking when it is operating in an incoherent mode, mark SSADS as supported only when both ecapslads and ecapsmpwc are supported.

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f35f22cc760eb2c7034bf53251399685d611e03f
Fixed
ebe16d245a00626bb87163862a1b07daf5475a3e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f35f22cc760eb2c7034bf53251399685d611e03f
Fixed
8d096ce0e87bdc361f0b25d7943543bc53aa0b9e
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f35f22cc760eb2c7034bf53251399685d611e03f
Fixed
57f55048e564dedd8a4546d018e29d6bbfff0a7e

Affected versions

v6.*

v6.10
v6.10-rc1
v6.10-rc2
v6.10-rc3
v6.10-rc4
v6.10-rc5
v6.10-rc6
v6.10-rc7
v6.11
v6.11-rc1
v6.11-rc2
v6.11-rc3
v6.11-rc4
v6.11-rc5
v6.11-rc6
v6.11-rc7
v6.12
v6.12-rc1
v6.12-rc2
v6.12-rc3
v6.12-rc4
v6.12-rc5
v6.12-rc6
v6.12-rc7
v6.12.1
v6.12.10
v6.12.11
v6.12.12
v6.12.13
v6.12.14
v6.12.15
v6.12.16
v6.12.17
v6.12.18
v6.12.19
v6.12.2
v6.12.20
v6.12.21
v6.12.22
v6.12.23
v6.12.24
v6.12.25
v6.12.26
v6.12.27
v6.12.28
v6.12.29
v6.12.3
v6.12.30
v6.12.31
v6.12.32
v6.12.33
v6.12.34
v6.12.35
v6.12.36
v6.12.37
v6.12.38
v6.12.39
v6.12.4
v6.12.40
v6.12.41
v6.12.42
v6.12.43
v6.12.44
v6.12.45
v6.12.46
v6.12.47
v6.12.48
v6.12.49
v6.12.5
v6.12.50
v6.12.51
v6.12.52
v6.12.6
v6.12.7
v6.12.8
v6.12.9
v6.13
v6.13-rc1
v6.13-rc2
v6.13-rc3
v6.13-rc4
v6.13-rc5
v6.13-rc6
v6.13-rc7
v6.14
v6.14-rc1
v6.14-rc2
v6.14-rc3
v6.14-rc4
v6.14-rc5
v6.14-rc6
v6.14-rc7
v6.15
v6.15-rc1
v6.15-rc2
v6.15-rc3
v6.15-rc4
v6.15-rc5
v6.15-rc6
v6.15-rc7
v6.16
v6.16-rc1
v6.16-rc2
v6.16-rc3
v6.16-rc4
v6.16-rc5
v6.16-rc6
v6.16-rc7
v6.17
v6.17-rc1
v6.17-rc2
v6.17-rc3
v6.17-rc4
v6.17-rc5
v6.17-rc6
v6.17-rc7
v6.17.1
v6.17.2
v6.6
v6.6-rc3
v6.6-rc4
v6.6-rc5
v6.6-rc6
v6.6-rc7
v6.7
v6.7-rc1
v6.7-rc2
v6.7-rc3
v6.7-rc4
v6.7-rc5
v6.7-rc6
v6.7-rc7
v6.7-rc8
v6.8
v6.8-rc1
v6.8-rc2
v6.8-rc3
v6.8-rc4
v6.8-rc5
v6.8-rc6
v6.8-rc7
v6.9
v6.9-rc1
v6.9-rc2
v6.9-rc3
v6.9-rc4
v6.9-rc5
v6.9-rc6
v6.9-rc7

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/iommu/intel/iommu.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@8d096ce0e87bdc361f0b25d7943543bc53aa0b9e",
        "digest": {
            "line_hashes": [
                "217212501567637433176490051356663257590",
                "243195744017323030740860850942611755403",
                "122795101855088312481038024866179211460",
                "316804620101499417769219817207837419134"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-40058-4ec76b78"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/iommu/intel/iommu.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@ebe16d245a00626bb87163862a1b07daf5475a3e",
        "digest": {
            "line_hashes": [
                "217212501567637433176490051356663257590",
                "243195744017323030740860850942611755403",
                "122795101855088312481038024866179211460",
                "316804620101499417769219817207837419134"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-40058-77d9d932"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "drivers/iommu/intel/iommu.h"
        },
        "source": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git@57f55048e564dedd8a4546d018e29d6bbfff0a7e",
        "digest": {
            "line_hashes": [
                "217212501567637433176490051356663257590",
                "243195744017323030740860850942611755403",
                "122795101855088312481038024866179211460",
                "316804620101499417769219817207837419134"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "id": "CVE-2025-40058-c537365f"
    }
]

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.7.0
Fixed
6.12.53
Type
ECOSYSTEM
Events
Introduced
6.13.0
Fixed
6.17.3