AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2025-40058: In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent p

infovulnerability

security

Source: NVD/CVE DatabaseOctober 28, 2025CVE-2025-40058

Summary

A Linux kernel vulnerability (CVE-2025-40058) affects Intel VT-d IOMMU (input/output memory management unit, a hardware component that manages memory access for devices) dirty page tracking. Dirty page tracking requires the IOMMU and CPU to keep memory synchronized, but if the IOMMU's page walk (the process of reading memory structure tables) is incoherent (not synchronized), the tracking fails and can cause non-recoverable faults. The fix prevents this misconfiguration by only enabling SSADS (support for dirty tracking) when both ecap_slads and ecap_smpwc hardware capabilities are present.

Solution / Mitigation

Mark SSADS as supported only when both ecap_slads and ecap_smpwc are supported, preventing the IOMMU from being incorrectly configured for dirty page tracking when operating in incoherent mode.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Classification

Attack SophisticationModerate

Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-40058

First tracked: February 15, 2026 at 08:52 PM

Classified by LLM (prompt v3) · confidence: 95%