CVE-2025-71089

CVSS v3.1

7.8

High

Vector

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Linux kernel (affected versions not specified)

Description The Linux kernel contains a flaw related to IOMMU Shared Virtual Addressing (SVA). The kernel lacks a mechanism to notify the IOMMU of changes to kernel page tables when pages are freed and reused, potentially leading to use-after-free or write-after-free conditions. This can occur when the IOMMU caches kernel page table entries, and those entries become stale after the corresponding memory is freed and reallocated. This could allow an attacker to gain arbitrary physical memory DMA access or escalate privileges. The issue arises because the IOMMU continues to walk kernel-only page tables, caching intermediate entries even in unprivileged SVA contexts.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

AZL-74330

CVE-2025-71089

ECHO-A8B6-DC0A-FC84

MGASA-2026-0017

MGASA-2026-0018

OESA-2026-1863

OESA-2026-2176

OESA-2026-2232

OPENSUSE-SU-2026:20287-1

SUSE-SU-2026:0411-1

SUSE-SU-2026:0447-1

SUSE-SU-2026:0471-1

SUSE-SU-2026:0472-1

SUSE-SU-2026:0474-1

SUSE-SU-2026:0475-1

SUSE-SU-2026:0495-1

SUSE-SU-2026:0496-1

SUSE-SU-2026:0587-1

SUSE-SU-2026:0617-1

SUSE-SU-2026:20477-1

SUSE-SU-2026:20498-1

SUSE-SU-2026:20555-1

SUSE-SU-2026:20599-1

SUSE-SU-2026:20615-1

SUSE-SU-2026:20845-1

SUSE-SU-2026:20876-1

USN-8177-1

USN-8177-2

USN-8179-1

USN-8179-2

USN-8179-3

USN-8179-4

USN-8183-1

USN-8183-2

USN-8184-1

USN-8185-1

USN-8185-2

USN-8203-1

USN-8204-1

USN-8245-1

USN-8257-1

USN-8258-1

USN-8260-1

USN-8261-1

USN-8265-1

Affected Products

Linuxmint

Linux Kernel

Ubuntu

CVE-2025-71089

Related Identifiers

Affected Products

References · 3015