Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-27T00:00:00 kernel: iommu/vt-d: Clear Present bit before tearing down context entry 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CWE-367

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Clear Present bit before tearing down context entry When tearing down a context entry, the current implementation zeros the entire 128-bit entry using multiple 64-bit writes. This creates a window where the hardware can fetch a "torn" entry — where some fields are already zeroed while the 'Present' bit is still set — leading to unpredictable behavior or spurious faults. While x86 provides strong write ordering, the compiler may reorder writes to the two 64-bit halves of the context entry. Even without compiler reordering, the hardware fetch is not guaranteed to be atomic with respect to multiple CPU writes. Align with the "Guidance to Software for Invalidations" in the VT-d spec (Section 6.5.3.3) by implementing the recommended ownership handshake: 1. Clear only the 'Present' (P) bit of the context entry first to signal the transition of ownership from hardware to software. 2. Use dma_wmb() to ensure the cleared bit is visible to the IOMMU. 3. Perform the required cache and context-cache invalidation to ensure hardware no longer has cached references to the entry. 4. Fully zero out the entry only after the invalidation is complete. Also, add a dma_wmb() to context_set_present() to ensure the entry is fully initialized before the 'Present' bit becomes visible.

A flaw was found in the Linux kernel's IOMMU (Input/Output Memory Management Unit) VT-d (Virtualization Technology for Directed I/O) component. When a context entry is being torn down, the 'Present' bit might not be cleared before other parts of the entry are zeroed. This can lead to the hardware reading an inconsistent state, resulting in unpredictable system behavior or spurious faults.

Red Hat Enterprise Linux 10 Fix deferred kernel Red Hat Enterprise Linux 6 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel Red Hat Enterprise Linux 7 Not affected kernel-rt Red Hat Enterprise Linux 8 Fix deferred kernel Red Hat Enterprise Linux 8 Fix deferred kernel-rt Red Hat Enterprise Linux 9 Fix deferred kernel Red Hat Enterprise Linux 9 Fix deferred kernel-rt https://www.cve.org/CVERecord?id=CVE-2026-45944 https://nvd.nist.gov/vuln/detail/CVE-2026-45944 https://lore.kernel.org/linux-cve-announce/2026052730-CVE-2026-45944-b9f7@gregkh/T