CVE-2026-43253 PUBLISHED

iommu/amd: move wait_on_sem() out of spinlock

Assigner: Linux
Reserved: 01.05.2026 Published: 06.05.2026 Updated: 06.05.2026

In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: move wait_on_sem() out of spinlock

With iommu.strict=1, the existing completion wait path can cause soft lockups under stressed environment, as wait_on_sem() busy-waits under the spinlock with interrupts disabled.

Move the completion wait in iommu_completion_wait() out of the spinlock. wait_on_sem() only polls the hardware-updated cmd_sem and does not require iommu->lock, so holding the lock during the busy wait unnecessarily increases contention and extends the time with interrupts disabled.

Product Status

Vendor Linux
Product Linux
Versions Default: unaffected
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to f2f65b28d802a667119147444ec2ae33eebf9a58 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 715c263119fd1b918a9fcbd8a36ea5b604a46324 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to e15768e68820142077bbca402d8e902f64ade1b0 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to 496269d12072ecb219826485bdbec70c92a8eef5 (excl.)
  • affected from 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 to d2a0cac10597068567d336e85fa3cbdbe8ca62bf (excl.)
Vendor Linux
Product Linux
Versions Default: affected
  • unaffected from 6.6.128 to 6.6.* (incl.)
  • unaffected from 6.12.75 to 6.12.* (incl.)
  • unaffected from 6.18.16 to 6.18.* (incl.)
  • unaffected from 6.19.6 to 6.19.* (incl.)
  • unaffected from 7.0 to * (incl.)

References