CVE-2025-68760
BaseFortify
Publication date: 2026-01-05
Last updated on: 2026-01-08
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a potential out-of-bounds read in the Linux kernel's iommu/amd component. Specifically, the function iommu_mmio_write() validates a user-provided offset assuming a 4-byte access, but the corresponding iommu_mmio_show() function performs an 8-byte read. If a user provides an offset at the boundary (mmio_phys_end - 4), the check passes incorrectly, leading to a 4-byte out-of-bounds read. The fix involved adjusting the boundary check to match the 8-byte read size.
How can this vulnerability impact me? :
This vulnerability can lead to an out-of-bounds read in kernel memory, which may cause information disclosure or system instability. An attacker could potentially exploit this to read unintended memory areas, possibly leaking sensitive information or causing a denial of service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update the Linux kernel to a version that includes the fix for the iommu/amd out-of-bounds read issue. The fix involves adjusting the boundary check in iommu_mmio_write() to correctly handle 8-byte reads, preventing out-of-bounds access. Until the update is applied, restrict untrusted user access to the affected iommu interfaces to minimize risk.