CVE-2025-71202
IOMMU IOTLB Invalidation Flaw in Linux Kernel Enables Privilege Escalation

Publication date: 2026-02-14

Last updated on: 2026-03-17

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved:

iommu/sva: invalidate stale IOTLB entries for kernel address space

Introduce a new IOMMU interface to flush IOTLB paging cache entries for the CPU kernel address space. This interface is invoked from the x86 architecture code that manages combined user and kernel page tables, specifically before any kernel page table page is freed and reused.

This addresses the main issue with vfree() which is a common occurrence and can be triggered by unprivileged users. While this resolves the primary problem, it doesn't address some extremely rare case related to memory unplug of memory that was present as reserved memory at boot, which cannot be triggered by unprivileged users. The discussion can be found at the link below.

Enable SVA on x86 architecture since the IOMMU can now receive notification to flush the paging cache before freeing the CPU kernel page table pages.

Meta Information
Published: 2026-02-14
Last Modified: 2026-03-17
Generated: 2026-05-06
AI Q&A: 2026-02-14
EPSS Evaluated: 2026-05-05

Affected Vendors & Products
Showing 1 associated CPE
Vendor | Product | Version / Range
linux | linux_kernel | From 4.4 (inc) to 6.18.7 (exc)

CWE ID: CWE-UNKNOWN

AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability in the Linux kernel relates to the handling of IOTLB (I/O Translation Lookaside Buffer) entries for the kernel address space. Specifically, stale IOTLB entries were not properly invalidated when kernel page table pages were freed and reused. This issue was addressed by introducing a new IOMMU interface that flushes the IOTLB paging cache entries for the CPU kernel address space before freeing these pages. The vulnerability could be triggered by unprivileged users through the common vfree() operation, potentially leading to stale memory mappings.


How can this vulnerability impact me?

The impact stems from the IOMMU continuing to use stale IOTLB entries for the kernel address space after the kernel page table pages they refer to have been freed and reused, which leaves incorrect memory mappings in place. Since unprivileged users can trigger the main issue via vfree(), this could potentially be exploited to cause unexpected behavior or security issues in kernel memory management. The fix does not cover an extremely rare case involving memory unplug of memory that was present as reserved memory at boot; that case cannot be triggered by unprivileged users.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


What immediate steps should I take to mitigate this vulnerability?

The vulnerability has been resolved by introducing a new IOMMU interface that flushes IOTLB paging cache entries for the CPU kernel address space. To mitigate this vulnerability, you should update your Linux kernel to a version that includes this fix.
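
The affected range listed above (4.4 inclusive to 6.18.7 exclusive) can be compared with a host's kernel release string using the shell script below. It is an added example, not part of the original advisory or of the kernel project; the function names and sample release strings are constructed. Distributions backport fixes without changing the upstream version number, so an in-range result should be confirmed against the vendor's advisory.

```sh
#!/bin/sh
# Added example: compare a kernel release string with the affected range
# listed on this page: from 4.4 (inclusive) to 6.18.7 (exclusive).

# Turn "6.18.7-arch1-1" or "5.15.0-91-generic" into one comparable integer.
# Returns 1 (printing nothing) when the string has no leading major.minor.
kver_to_int() {
    kv_base=${1%%[!0-9.]*}        # drop suffixes such as "-generic" or "-rc3"
    case $kv_base in
        ''|.*|*..*) return 1 ;;   # empty, leading dot, or doubled dot
    esac
    kv_old_ifs=$IFS; IFS=.
    set -- $kv_base               # split into major, minor, patch
    IFS=$kv_old_ifs
    [ -n "${2:-}" ] || return 1   # need at least major.minor
    echo $(( $1 * 100000000 + $2 * 10000 + ${3:-0} ))
}

# Exit status 0: inside the affected range. 1: outside. 2: unparseable.
kernel_in_affected_range() {
    kr_cur=$(kver_to_int "$1") || return 2
    kr_low=$(kver_to_int 4.4)     # first affected release per the page
    kr_fix=$(kver_to_int 6.18.7)  # first release outside the range
    [ "$kr_cur" -ge "$kr_low" ] && [ "$kr_cur" -lt "$kr_fix" ]
}

# Print a one-line verdict; defaults to the running kernel (uname -r).
report_kernel() {
    rk_rel=${1:-$(uname -r)}
    kernel_in_affected_range "$rk_rel" && rk_rc=0 || rk_rc=$?
    case $rk_rc in
        0) echo "$rk_rel: inside 4.4 <= v < 6.18.7, confirm with vendor or update" ;;
        1) echo "$rk_rel: outside the listed affected range" ;;
        *) echo "$rk_rel: could not parse release string" ;;
    esac
    return "$rk_rc"
}

# Constructed sample release strings, then the kernel this host is running.
for r in 4.3.6 4.4 5.15.0-91-generic 6.18.6 6.18.7-arch1-1 6.19.0-rc3; do
    report_kernel "$r" || true
done
report_kernel || true
```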

