Linux Kernel IOMMUFD Double Attachment Vulnerability in HWPT List

Vulnerability

A vulnerability in the Linux kernel's IOMMUFD subsystem allows for the same hardware page table (HWPT) to be added twice to the I/O address space's hardware page table list. This issue arises because the HWPT is only supposed to be added once, during its creation. The flaw, a remnant of previous code rework, can lead to corruption of the linked list under certain conditions. The vulnerability specifically impacts HWPT attachments, a scenario not currently covered by the test suite. Exploitation would require creating a valid struct device with a non-system IOMMU driver, which is not possible until the bus is removed from the IOMMU code.

Impact

Adding the same HWPT to the list twice can corrupt the linked list, potentially leading to undefined behavior or crashes.
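
The corruption described above can be reproduced in user space. The C code below is an added example, not code from the kernel or from this advisory: it re-implements a kernel-style circular list, adds the same entry twice, and checks the link invariants with a bounded walk. The names hwpt_list, add_once and list_survives_double_add are assumptions made for illustration, and the add_once guard is not the upstream fix.

```c
#include <stddef.h>
/* User-space stand-in for the kernel's circular doubly linked list. */
struct list_head { struct list_head *next, *prev; };

static void list_init(struct list_head *h) { h->next = h; h->prev = h; }

/* Unchecked tail insert: nothing tests whether `node` is already linked. */
static void list_add_tail(struct list_head *node, struct list_head *head)
{
    struct list_head *prev = head->prev;
    head->prev = node;
    node->next = head;
    node->prev = prev;
    prev->next = node;
}

/* Bounded walk: 1 if the ring closes and every link is mirrored, else 0. */
static int list_is_consistent(const struct list_head *head, size_t max_nodes)
{
    const struct list_head *n = head;
    for (size_t i = 0; i <= max_nodes; i++, n = n->next) {
        if (n->next->prev != n)
            return 0;
        if (n->next == head)
            return 1;
    }
    return 0; /* the walk never came back to head */
}

/* Assumed guard: refuse an entry whose links no longer point at itself. */
static int add_once(struct list_head *item, struct list_head *hwpt_list)
{
    if (item->next != item)
        return -1;
    list_add_tail(item, hwpt_list);
    return 0;
}

/* Adds a, b, then a again; returns 1 if the list is still consistent. */
static int list_survives_double_add(int guarded)
{
    struct list_head hwpt_list, a, b; /* a, b: constructed stand-in entries */
    list_init(&hwpt_list); list_init(&a); list_init(&b);
    list_add_tail(&a, &hwpt_list); list_add_tail(&b, &hwpt_list);
    if (guarded)
        (void)add_once(&a, &hwpt_list);  /* rejected, list untouched */
    else
        list_add_tail(&a, &hwpt_list);   /* the double add */
    return list_is_consistent(&hwpt_list, 8);
}
int main(void) { return list_survives_double_add(0) == 0 && list_survives_double_add(1) == 1 ? 0 : 1; }
```

After the unguarded second add, a forward walk from the list head skips entry b entirely while b still points into the list, which is the kind of inconsistency that later traversals or removals trip over.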

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed.

Added: Dec 24, 2025, 4:35 PM
Updated: Dec 24, 2025, 4:35 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 0.6
exploitability: 4.0
remediation: 7.7
relevance: 1.5
threat: 3.2
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.