Linux Kernel IOMMU VFIO Information Structure Initialization Vulnerability

Vulnerability

A vulnerability in the Linux kernel's IOMMU subsystem can lead to improper handling of data copied to user space. The issue arises in the VFIO compatibility layer of the IOMMU driver, where the 'vfio_iommu_type1_info' structure is not properly initialized before being copied to user space. Because of a mismatch in the expected size of the data, certain bytes of the structure are left uninitialized when it is copied out, and those bytes are potentially exploitable. The vulnerability affects Linux kernel versions 6.1 and later.

Impact

The vulnerability could be exploited to read uninitialized memory, leading to information disclosure.
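
The bug class described above, as an added user-space model (not the kernel's code and not part of the original advisory): a handler fills only some fields of a reply structure and then copies the whole structure out. The `demo_info` struct, the `POISON` byte standing in for stale stack contents, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define POISON 0xAA /* constructed stand-in for stale stack contents */

/* Hypothetical reply struct, not the kernel's definition. The handler
 * below writes the first three fields only. */
struct demo_info {
    uint32_t argsz;
    uint32_t flags;
    uint64_t iova_pgsizes;
    uint32_t cap_offset;
    uint32_t pad;
};

/* Models an ioctl handler; memcpy() stands in for copy_to_user(). */
static void handle_get_info(uint8_t *user_buf, int zero_first)
{
    struct demo_info info;

    memset(&info, POISON, sizeof(info));  /* simulate leftover stack bytes */
    if (zero_first)
        memset(&info, 0, sizeof(info));   /* hardened form: initialize first */

    info.argsz = sizeof(info);
    info.flags = 0;
    info.iova_pgsizes = 4096;
    /* cap_offset and pad are never written on this path */

    memcpy(user_buf, &info, sizeof(info)); /* copies more than was filled */
}

/* Counts stale bytes that reached the "user" buffer. */
static size_t leaked_bytes(int zero_first)
{
    uint8_t user_buf[sizeof(struct demo_info)];
    size_t i, n = 0;

    handle_get_info(user_buf, zero_first);
    for (i = 0; i < sizeof(user_buf); i++)
        if (user_buf[i] == POISON)
            n++;
    return n;
}

int main(void)
{
    printf("uninitialized: %zu stale bytes, zeroed: %zu stale bytes\n",
           leaked_bytes(0), leaked_bytes(1));
    return 0;
}
```

In kernel code, the equivalent hardening is to zero-initialize the structure (for example with an empty initializer or `memset`) before any field is set and before the copy to user space.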

Added: Dec 24, 2025, 12:34 PM
Updated: Dec 24, 2025, 12:34 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 3.5
remediation: 7.7
relevance: 1.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.