CVE-2025-71089

7.8 HIGH

📋 TL;DR

A Linux kernel vulnerability in IOMMU Shared Virtual Addressing (SVA) on x86 systems allows stale kernel page table entries to persist in IOMMU caches after page table pages are freed and reused. This can lead to use-after-free or write-after-free conditions, potentially enabling privilege escalation or arbitrary DMA access to physical memory. Affects Linux systems with x86 architecture and IOMMU SVA enabled.

💻 Affected Systems

Products:
  • Linux kernel
Versions: Versions before the fix commits (specific versions depend on distribution backports)
Operating Systems: Linux distributions running on x86 architecture
Default Config Vulnerable: ✅ No
Notes: Only vulnerable when CONFIG_X86 is set and IOMMU SVA is enabled. Many distributions may not have SVA enabled by default.

📦 What is this software?

Linux Kernel by Linux

The Linux Kernel is the core component of the Linux operating system, serving as the critical interface between computer hardware and software processes. As the heart of millions of servers, cloud infrastructure, embedded systems, Android devices, and IoT deployments worldwide, the Linux Kernel mana...


⚠️ Risk & Real-World Impact

🔴 Worst Case: Privilege escalation to kernel-level access, arbitrary physical memory DMA access leading to complete system compromise, or data corruption.

🟠 Likely Case: System crashes, instability, or data corruption due to memory access violations.

🟢 If Mitigated: Limited impact if SVA is disabled or systems are patched; potential performance degradation from workarounds.

🌐 Internet-Facing: LOW - Requires local access or DMA-capable device access.
🏢 Internal Only: MEDIUM - Can be exploited by local users or through DMA devices on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires understanding of kernel memory management and IOMMU operations. Likely requires local access or DMA device control.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Kernel versions containing commits: 240cd7f2812cc25496b12063d11c823618f364e9, 72f98ef9a4be30d2a60136dd6faee376f780d06c, c2c3f1a3fd74ef16cf115f0c558616a13a8471b4, c341dee80b5df49a936182341b36395c831c2661

Vendor Advisory: https://git.kernel.org/stable/c/240cd7f2812cc25496b12063d11c823618f364e9

Restart Required: Yes

Instructions:

1. Update Linux kernel to version containing the fix commits.
2. Reboot system.
3. Verify SVA is properly disabled on x86 until full fix is implemented.

🔧 Temporary Workarounds

Disable IOMMU SVA on x86

linux

Disables Shared Virtual Addressing for IOMMU on x86 systems as interim mitigation

echo 0 > /sys/module/iommu/parameters/sva
Add 'iommu.sva=0' to kernel boot parameters

🧯 If You Can't Patch

  • Disable IOMMU SVA feature via kernel parameters
  • Restrict access to systems to trusted users only

🔍 How to Verify

Check if Vulnerable:

Check if CONFIG_X86 is enabled and IOMMU SVA is active: grep -i CONFIG_X86 /boot/config-$(uname -r) && cat /sys/module/iommu/parameters/sva

Check Version:

uname -r

Verify Fix Applied:

Verify that the running kernel version (uname -r) includes the fix commits, and check that SVA is disabled on x86.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs related to IOMMU
  • Memory corruption errors in dmesg
  • Unexpected DMA operations

Network Indicators:

  • Not applicable - local vulnerability

SIEM Query:

Search for: 'kernel:.*IOMMU.*error' OR 'kernel:.*page fault.*IOMMU' OR 'kernel:.*DMA.*violation'
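
The three SIEM patterns above, applied to syslog-format lines and grouped per host for triage, as an added example that is not part of the original advisory. The log lines are constructed for illustration, and case-insensitive matching and the syslog prefix format are assumptions.

```python
import re
from collections import defaultdict

# Patterns copied from the SIEM query above. Case-insensitive matching is an
# assumption of this example; the page does not say how case is handled.
RULES = {
    "iommu_error": re.compile(r"kernel:.*IOMMU.*error", re.IGNORECASE),
    "iommu_page_fault": re.compile(r"kernel:.*page fault.*IOMMU", re.IGNORECASE),
    "dma_violation": re.compile(r"kernel:.*DMA.*violation", re.IGNORECASE),
}

# Classic syslog prefix (assumed format): "Mon DD HH:MM:SS host rest-of-line"
SYSLOG = re.compile(r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<rest>.*)$")

# Constructed sample lines for illustration only (not real kernel output).
SAMPLE_LOG = """\
Jan 12 03:14:07 db01 kernel: iommu: Default domain type: Translated
Jan 12 03:14:09 db01 kernel: IOMMU: unexpected translation error on device 0000:3b:00.0
Jan 12 03:15:30 db01 kernel: page fault reported by IOMMU for PASID 5
Jan 12 03:15:31 web02 sshd[811]: error: IOMMU mentioned outside the kernel facility
Jan 12 03:16:02 web02 kernel: DMA access violation detected
"""

def scan(log_text):
    """Return {host: [(timestamp, rule_name, message), ...]} for matching lines."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = SYSLOG.match(line)
        if not m:
            continue  # not in the assumed syslog format
        for name, rx in RULES.items():
            if rx.search(m["rest"]):
                hits[m["host"]].append((m["ts"], name, m["rest"]))
                break  # first matching rule is enough for triage
    return dict(hits)

def summarize(hits):
    """Count hits per host and rule, e.g. {'db01': {'iommu_error': 1}}."""
    out = {}
    for host, rows in hits.items():
        counts = out.setdefault(host, {})
        for _, name, _ in rows:
            counts[name] = counts.get(name, 0) + 1
    return out

if __name__ == "__main__":
    for host, counts in summarize(scan(SAMPLE_LOG)).items():
        print(host, counts)
```

The benign IOMMU initialization line and the non-kernel sshd line do not match, because each pattern requires the `kernel:` tag plus its keyword pair in order.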
