CVE-2026-43253
AMD IOMMU Completion Wait Race Condition
Publication date: 2026-05-06
Last updated on: 2026-05-06
Assigner: kernel.org
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's iommu/amd component. Specifically, when iommu.strict=1 is set, the completion wait path uses wait_on_sem() which busy-waits while holding a spinlock with interrupts disabled. This can cause soft lockups under stressed conditions because the busy-wait extends the time interrupts are disabled and increases contention.
The fix moves the completion wait in iommu_completion_wait() out of the spinlock since wait_on_sem() only polls a hardware-updated semaphore and does not require holding the iommu lock. This reduces contention and the duration interrupts are disabled, preventing soft lockups.
How can this vulnerability impact me? :
This vulnerability can cause soft lockups in the Linux kernel under stressed environments when iommu.strict=1 is enabled. Soft lockups mean the system can become unresponsive or experience delays because interrupts are disabled for extended periods during the busy-wait. This can degrade system performance and stability.
What immediate steps should I take to mitigate this vulnerability?
The vulnerability in the Linux kernel related to iommu/amd has been resolved by moving wait_on_sem() out of the spinlock to prevent soft lockups under stressed environments.
To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix where iommu_completion_wait() no longer holds the lock during the busy wait.