CVE-2026-43220 Linux CVE debrief

Who should care

Linux kernel maintainers, distro security teams, and operators running affected 6.6.x or 6.12.x kernel branches—especially systems using AMD IOMMU paths where local users or workloads could trigger the timing issue.

Technical summary

According to the CVE description, concurrent TLB invalidations exposed a race in the AMD IOMMU command path. cmd_sem_val was incremented outside the IOMMU spinlock, so CMD_COMPL_WAIT commands could be allocated out of order relative to queued invalidation commands. That broke the sequencing assumption used by wait_on_sem(), leading to random completion-wait timeouts. NVD lists the issue as affecting Linux kernel versions starting with 6.6.128 before 6.7, and 6.12.75 before 6.13.

Defensive priority

Moderate: prioritize patching affected kernel builds because the flaw can disrupt availability, but the published CVSS vector indicates local access and low privileges are required.

Recommended defensive actions

• Upgrade Linux kernel builds on affected branches to versions containing the upstream/stable fix.
• Prioritize hosts running AMD IOMMU-capable systems on the affected 6.6.x and 6.12.x lines.
• Verify vendor backports for your distribution rather than relying only on base version numbers.
• If immediate patching is delayed, reduce exposure by restricting local user access on systems where feasible and monitor for kernel log evidence of repeated completion-wait timeouts.
• Track the linked kernel patches and your distro advisories for backport status.

Evidence notes

The CVE description states the root cause: cmd_sem_val was incremented outside the IOMMU spinlock, allowing out-of-sequence CMD_COMPL_WAIT commands and timeout behavior in wait_on_sem(). NVD marks the vulnerability as modified and lists affected Linux kernel ranges as 6.6.128 through before 6.7, and 6.12.75 through before 6.13. The linked git.kernel.org references are official kernel patch and source references associated with the fix.

Official resources