CVE-2025-38062

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The issue concerns a vulnerability in the Linux kernel related to the use of IOMMU (Input-Output Memory Management Unit) translation for MSI (Message Signaled Interrupts) message addresses. This process involves a 2-step translation, which has an inherent lifetime problem for the pointer stored in the cookie that must remain valid between the two steps. The lack of locking at the irq layer to protect the lifetime of this pointer can lead to a use-after-free (UAF) condition, especially when the iommu domain is changed while MSI interrupts are being programmed. This can potentially allow userspace to directly race VFIO DEVICE ATTACH IOMMUFD PT and VFIO DEVICE SET IRQS, causing both the cookie pointer and the unlocked call to iommu get domain for dev() on the MSI translation path to become UAFs.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.