PatchSiren

CVE-2026-45862 Linux CVE debrief

A cache coherency vulnerability in the Linux kernel's Intel VT-d IOMMU driver could allow non-coherent IOMMU hardware to access uninitialized PASID table memory, potentially leading to memory corruption or privilege escalation. The issue stems from a race condition where the PASID directory entry was updated before the CPU cache flush completed, creating a window where hardware could read stale data. Patches are available for multiple stable kernel branches.

Vendor: Linux
Product: Unknown
CVSS: Unknown
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-27
Original CVE updated: 2026-05-27
Advisory published: 2026-05-27
Advisory updated: 2026-05-27

Who should care

Organizations running Linux systems with Intel VT-d enabled, particularly those using virtualization with PCI device passthrough, SR-IOV, or direct device assignment. Cloud providers, hosting providers, and enterprises with virtualized workloads on Intel hardware should prioritize patching. Systems without IOMMU enabled or without PCI passthrough workloads are not directly affected.

Technical summary

The vulnerability exists in the Intel VT-d (Virtualization Technology for Directed I/O) IOMMU driver within the Linux kernel. When allocating a new Process Address Space ID (PASID) table, the code previously wrote the table's address to the PASID directory entry before performing the CPU cache flush. On systems with non-coherent IOMMU hardware, this created a timing window where the IOMMU could access the PASID table while it still contained uninitialized (stale) data from previous memory use, rather than the expected zero-initialized state. The fix reorders these operations to ensure the cache flush completes before the PASID directory entry is updated, eliminating the race condition. This vulnerability affects systems using PCI device assignment, SR-IOV, or other IOMMU-mediated device passthrough features.
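The ordering problem described above can be reproduced in a small user-space model. This is an added illustration, not the kernel's code or the upstream patch; the names (`struct word`, `device_walk`, `alloc_and_publish`), the table size, the stale pattern and the assumption that the directory entry becomes visible to the device as soon as it is written are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

#define WORDS   8                      /* toy table size (assumption) */
#define PRESENT 1u
#define STALE   0xdeadbeefdeadbeefULL  /* constructed leftover page contents */

/* "ram" is what a non-coherent device reads; "cache" holds CPU writes until flushed. */
struct word { uint64_t ram, cache; int dirty; };
static struct word dir_entry, table[WORDS];

static void cpu_write(struct word *w, uint64_t v) { w->cache = v; w->dirty = 1; }

static void flush(struct word *w, int n)
{
    for (int i = 0; i < n; i++)
        if (w[i].dirty) { w[i].ram = w[i].cache; w[i].dirty = 0; }
}

/* Device-side walk over RAM only; returns how many stale words it would consume. */
static int device_walk(void)
{
    int stale = 0;
    if (!(dir_entry.ram & PRESENT)) return 0;      /* nothing published yet */
    for (int i = 0; i < WORDS; i++)
        stale += (table[i].ram != 0);
    return stale;
}

/* flush_first = 0: ordering before the fix; 1: ordering after the fix. */
static int alloc_and_publish(int flush_first)
{
    dir_entry = (struct word){0};
    for (int i = 0; i < WORDS; i++) {
        table[i] = (struct word){ .ram = STALE };  /* recycled memory */
        cpu_write(&table[i], 0);                   /* zeroing is still in cache */
    }
    if (flush_first)
        flush(table, WORDS);           /* zeros reach RAM before publication */
    cpu_write(&dir_entry, PRESENT);
    flush(&dir_entry, 1);              /* assumed worst case: entry visible at once */
    int seen = device_walk();          /* device races with the late flush */
    flush(table, WORDS);               /* pre-fix ordering flushed only here */
    return seen;
}

int main(void)
{
    printf("pre-fix: %d stale, fixed: %d stale\n", alloc_and_publish(0), alloc_and_publish(1));
    return 0;
}
```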

Defensive priority

High

Recommended defensive actions

  • Apply kernel patches from stable branches: 5.4, 5.10, 5.15, 6.1, 6.6, 6.12, and mainline
  • Reboot systems after kernel update to ensure IOMMU reinitialization with corrected cache flush ordering
  • Verify IOMMU passthrough device assignment functionality post-update
  • Monitor for unexpected DMA errors or IOMMU faults in system logs
  • Prioritize patching for systems with PCI passthrough, SR-IOV, or device assignment workloads

Evidence notes

CVE published 2026-05-27T14:16:58.430Z. Multiple stable kernel patches referenced. No CVSS score assigned by NVD at time of disclosure. Not listed in CISA KEV catalog.
