CVEFinder.io

CVE-2026-43220

🔶 medium
🔍 Scan for this CVE
Summary

In the Linux kernel, the following vulnerability has been resolved: iommu/amd: serialize sequence allocation under concurrent TLB invalidations With concurrent TLB invalidations, completion wait randomly gets timed out because cmd_sem_val was incremented outside the IOMMU spinlock, allowing CMD_COMPL_WAIT commands to be queued out of sequence and breaking the ordering assumption in wait_on_sem(). Move the cmd_sem_val increment under iommu->lock so completion sequence allocation is serialized w

Description

In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: serialize sequence allocation under concurrent TLB invalidations

With concurrent TLB invalidations, completion wait randomly gets timed out
because cmd_sem_val was incremented outside the IOMMU spinlock, allowing
CMD_COMPL_WAIT commands to be queued out of sequence and breaking the
ordering assumption in wait_on_sem().
Move the cmd_sem_val increment under iommu->lock so completion sequence
allocation is serialized with command queuing.
And remove the unnecessary return.

CVSS Score
5.5
Medium
EPSS Score
0.0
Exploit Probability
Published Date
2026-05-06
First Seen: 2026-05-17
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.6% of all 326,604 vulnerabilities in our database.

#220,252
Below average severity
Severity Percentile
Last Modified 2026-05-17
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

📦 Affected Products 2

Vendor Product Status Affected Versions
linux linux_kernel Affected
> 6.12.75 < 6.13
linux linux_kernel Affected
> 6.6.128 < 6.7

🔗 References 5

https://git.kernel.org/stable/c/48caa7542a795c9679ec...
Patch
https://git.kernel.org/stable/c/5000ce7fcb31067566a1...
Patch
https://git.kernel.org/stable/c/9e249c48412828e807af...
Patch
https://git.kernel.org/stable/c/d51bf43193b1e95dc4e3...
https://git.kernel.org/stable/c/fca7aa0264ae99e5ff28...

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-71313 🔶 medium 5.5 0.0 In the Linux kernel, the following vulnerability has been resolved: PCI: endpoint: Add missing NULL check for alloc_wor... 2026-06-03
CVE-2025-71314 🔶 medium 5.5 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Recover from panthor_gpu_flush_caches(... 2026-06-03
CVE-2026-46244 ⛔ critical 9.1 0.0 In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_inner: Fix IPv6 inner_thoff desync ... 2026-06-03
CVE-2026-46245 🔶 medium 5.5 0.0 In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix dc_link NULL handling in HPD i... 2026-06-03
CVE-2026-46246 ⚠️ high 7.8 0.0 In the Linux kernel, the following vulnerability has been resolved: power: supply: pm8916_lbc: Fix use-after-free for e... 2026-06-03
CVE-2026-46247 🔶 medium 5.5 0.0 In the Linux kernel, the following vulnerability has been resolved: clk: qcom: gfx3d: add parent to parent request map ... 2026-06-03
These CVEs affect the same products