HOMEVULNERABILITIESCVE-2026-45894
HIGH

CVE-2026-45894

Published: May 27, 2026· Updated: May 30, 2026

7.8
CVSS v3.1

Official Description

In the Linux kernel, the following vulnerability has been resolved:

iommu/vt-d: Clear Present bit before tearing down PASID entry

The Intel VT-d Scalable Mode PASID table entry consists of 512 bits (64

bytes). When tearing down an entry, the current implementation zeros the

entire 64-byte structure immediately using multiple 64-bit writes.

Since the IOMMU hardware may fetch these 64 bytes using multiple

internal transactions (e.g., four 128-bit bursts), updating or zeroing

the entire entry while it is active (P=1) risks a "torn" read. If a

hardware fetch occurs simultaneously with the CPU zeroing the entry, the

hardware could observe an inconsistent state, leading to unpredictable

behavior or spurious faults.

Follow the "Guidance to Software for Invalidations" in the VT-d spec

(Section 6.5.3.3) by implementing the recommended ownership handshake:

1. Clear only the 'Present' (P) bit of the PASID entry.

2. Use a dma_wmb() to ensure the cleared bit is visible to hardware

before proceeding.

3. Execute the required invalidation sequence (PASID cache, IOTLB, and

Device-TLB flush) to ensure the hardware has released all cached

references.

4. Only after the flushes are complete, zero out the remaining fields

of the PASID entry.

Also, add a dma_wmb() in pasid_set_present() to ensure that all other

fields of the PASID entry are visible to the hardware before the Present

bit is set.

NVD Source

Technical Analysis

CVE-2026-45894 requires local access, meaning attackers must already have a foothold on the target system.

Exploitation requires low privileges, which limits the exposure to scenarios where an attacker has already gained initial access.

A successful exploit results in complete confidentiality breach (data exposure), full integrity compromise (data manipulation), availability disruption (denial of service), with a CVSS base score of 7.8.

The vulnerability has a "Changed" scope, meaning successful exploitation can impact components beyond the vulnerable component itself — such as the host operating system or adjacent services.

CVSS v3.1 Vector Breakdown

Exploitability
Attack VectorLocal
Attack ComplexityHigh
Privileges Req.Low
User InteractionNone
ScopeChanged
Impact
ConfidentialityHigh
IntegrityHigh
AvailabilityHigh
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected Vendors & Products

Mentioned vendors (from description):
Linux
CPE data not yet available in NVD for this CVE.

Exploit & PoC Resources

NO KNOWN EXPLOITNo public exploit confirmed at this time
External links open in a new tab. Always verify in a controlled environment before use.

All References (4)

Quick Facts

CVE IDCVE-2026-45894
CVSS Score7.8 / 10
SeverityHIGH
CISA KEVNo
PublishedMay 27, 2026

Recommended Actions

  • Apply vendor patches immediately
  • Monitor CVE-2026-45894 in threat intel feeds
  • Review IDS/IPS signatures for exploitation attempts
Data sourced from NVD (NIST), CISA KEV, and EPSS (FIRST). Analysis generated by CTIWATCH.COM. CVE data is provided under the NVD usage policy.