Robin Murphy

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the iommu/arm-smmu-v3 component in the Linux kernel. It is caused by the driver calling iommu device unregister() from the shutdown path, which removes the IOMMU groups without coordination with their users. This can lead to NULL pointer dereferences in the drivers' DMA API calls. The problem is similar to the one in SMMUv2. Instead of calling the full arm smmu device remove() from arm smmu device shutdown(), the relevant function call arm smmu device disable() is used, which is more or less the reverse of arm smmu device reset(). The exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The vulnerability is related to a use-after-free issue in the iommu component of the Linux kernel. When a device probe fails, the dev->iommu is freed, but a parallel deferred probe work func may still try to access dev->iommu->fwspec, causing a use-after-free error. This issue can potentially impact the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.