CVE-2025-39961

CVSS v3.1

4.7

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The AMD IOMMU host page table implementation has a potential race condition during page table level increases. Specifically, in the unmap path (iommu v1 unmap pages()), the fetch pte() function reads page table level information (pgtable->[root/mode]) without a lock. This can occur when increase address space() is updating pgtable->[root/mode], potentially leading fetch pte() to read an incorrect page table level. This can cause iommu unmap operations to fail, potentially resulting in retries or warnings. The issue arises from infrequent page table level updates and a lack of synchronization on the read path. A seqcount has been implemented to enable lock-free read operations.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

AZL-68348

AZL-76434

CVE-2025-39961

ECHO-29BF-FE74-2A5D

MGASA-2025-0309

MGASA-2025-0310

OESA-2026-1759

OESA-2026-1760

OESA-2026-1761

OPENSUSE-SU-2025:20172-1

SUSE-SU-2026:20012-1

SUSE-SU-2026:20015-1

SUSE-SU-2026:20021-1

USN-8095-1

USN-8095-2

USN-8095-3

USN-8095-4

USN-8095-5

USN-8100-1

USN-8125-1

USN-8126-1

USN-8165-1

USN-8261-1

Affected Products

Amd Iommu

Debian

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-39961

Weakness Enumeration

Related Identifiers

Affected Products

References · 1785