CVE-2026-43253
Analyzed Analyzed - Analysis Complete
AMD IOMMU Completion Wait Race Condition

Publication date: 2026-05-06

Last updated on: 2026-05-11

Assigner: kernel.org

Description
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: move wait_on_sem() out of spinlock With iommu.strict=1, the existing completion wait path can cause soft lockups under stressed environment, as wait_on_sem() busy-waits under the spinlock with interrupts disabled. Move the completion wait in iommu_completion_wait() out of the spinlock. wait_on_sem() only polls the hardware-updated cmd_sem and does not require iommu->lock, so holding the lock during the busy wait unnecessarily increases contention and extends the time with interrupts disabled.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-06
Last Modified
2026-05-11
Generated
2026-05-27
AI Q&A
2026-05-06
EPSS Evaluated
2026-05-26
NVD
CVE-2026-43253
EUVD
EUVD-2026-27816
Affected Vendors & Products
Showing 4 associated CPEs
Vendor Product Version / Range
linux linux_kernel From 6.7 (inc) to 6.12.75 (exc)
linux linux_kernel From 6.13 (inc) to 6.18.16 (exc)
linux linux_kernel From 6.19 (inc) to 6.19.6 (exc)
linux linux_kernel From 4.9 (inc) to 6.6.128 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-667 The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in the Linux kernel's iommu/amd component. Specifically, when iommu.strict=1 is set, the completion wait path uses wait_on_sem() which busy-waits while holding a spinlock with interrupts disabled. This can cause soft lockups under stressed conditions because the busy-wait extends the time interrupts are disabled and increases contention.

The fix moves the completion wait in iommu_completion_wait() out of the spinlock since wait_on_sem() only polls a hardware-updated semaphore and does not require holding the iommu lock. This reduces contention and the duration interrupts are disabled, preventing soft lockups.


How can this vulnerability impact me? :

This vulnerability can cause soft lockups in the Linux kernel under stressed environments when iommu.strict=1 is enabled. Soft lockups mean the system can become unresponsive or experience delays because interrupts are disabled for extended periods during the busy-wait. This can degrade system performance and stability.


What immediate steps should I take to mitigate this vulnerability?

The vulnerability in the Linux kernel related to iommu/amd has been resolved by moving wait_on_sem() out of the spinlock to prevent soft lockups under stressed environments.

To mitigate this vulnerability immediately, you should update your Linux kernel to a version that includes this fix where iommu_completion_wait() no longer holds the lock during the busy wait.


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart