VDB

CVE-2026-43220

CVE-2026-43220 PUBLISHED

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: serialize sequence allocation under concurrent TLB invalidations With concurrent TLB invalidations, completion wait randomly gets timed out because cmd_sem_val was incremented outside the IOMMU spinlock, allowing CMD_COMPL_WAIT commands to be queued out of sequence and breaking the ordering assumption in wait_on_sem(). Move the cmd_sem_val increment under iommu->lock so completion sequence allocation is serialized with command queuing. And remove the unnecessary return.

EPSS 0.02% · 6.7th percentile

Risk Scores

EPSS Score
0.02%
6.7th percentile

Affected Products

VendorProductVersions
LinuxLinux*, f2f65b28d802a667119147444ec2ae33eebf9a58, 715c263119fd1b918a9fcbd8a36ea5b604a46324
linuxlinux_kernel6.12.75, 6.6.128

Timeline

  • May 6, 2026 CVE Published
  • May 6, 2026 Security Advisory
  • May 6, 2026 CVE Updated
  • May 18, 2026 EPSS Score
  • May 19, 2026 EPSS Score
  • May 20, 2026 EPSS Score
  • May 21, 2026 EPSS Score
  • May 22, 2026 EPSS Score
  • May 23, 2026 EPSS Score
  • May 24, 2026 EPSS Score
  • May 25, 2026 EPSS Score
  • May 26, 2026 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›