CVE-2025-37877 (GCVE-0-2025-37877)

Vulnerability from cvelistv5 – Published: 2025-05-09 06:45 – Updated: 2026-05-11 21:16
VLAI
Title
iommu: Clear iommu-dma ops on cleanup
Summary
In the Linux kernel, the following vulnerability has been resolved: iommu: Clear iommu-dma ops on cleanup If iommu_device_register() encounters an error, it can end up tearing down already-configured groups and default domains, however this currently still leaves devices hooked up to iommu-dma (and even historically the behaviour in this area was at best inconsistent across architectures/drivers...) Although in the case that an IOMMU is present whose driver has failed to probe, users cannot necessarily expect DMA to work anyway, it's still arguable that we should do our best to put things back as if the IOMMU driver was never there at all, and certainly the potential for crashing in iommu-dma itself is undesirable. Make sure we clean up the dev->dma_iommu flag along with everything else.
Severity
5.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Assigner
References
Impacted products
Vendor Product Version
Linux Linux Affected: b5c58b2fdc427e7958412ecb2de2804a1f7c1572 , < b14d98641312d972bb3f38e82eddf92898522389 (git)
Affected: b5c58b2fdc427e7958412ecb2de2804a1f7c1572 , < 104a84276821aed0ed241ce0d82d6c3267e3fcb8 (git)
Affected: b5c58b2fdc427e7958412ecb2de2804a1f7c1572 , < 280e5a30100578106a4305ce0118e0aa9b866f12 (git)
Create a notification for this product.
Linux Linux Affected: 6.12
Unaffected: 0 , < 6.12 (semver)
Unaffected: 6.12.26 , ≤ 6.12.* (semver)
Unaffected: 6.14.5 , ≤ 6.14.* (semver)
Unaffected: 6.15 , ≤ * (original_commit_for_fix)
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/iommu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "lessThan": "b14d98641312d972bb3f38e82eddf92898522389",
              "status": "affected",
              "version": "b5c58b2fdc427e7958412ecb2de2804a1f7c1572",
              "versionType": "git"
            },
            {
              "lessThan": "104a84276821aed0ed241ce0d82d6c3267e3fcb8",
              "status": "affected",
              "version": "b5c58b2fdc427e7958412ecb2de2804a1f7c1572",
              "versionType": "git"
            },
            {
              "lessThan": "280e5a30100578106a4305ce0118e0aa9b866f12",
              "status": "affected",
              "version": "b5c58b2fdc427e7958412ecb2de2804a1f7c1572",
              "versionType": "git"
            }
          ]
        },
        {
          "defaultStatus": "affected",
          "product": "Linux",
          "programFiles": [
            "drivers/iommu/iommu.c"
          ],
          "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
          "vendor": "Linux",
          "versions": [
            {
              "status": "affected",
              "version": "6.12"
            },
            {
              "lessThan": "6.12",
              "status": "unaffected",
              "version": "0",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.12.*",
              "status": "unaffected",
              "version": "6.12.26",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "6.14.*",
              "status": "unaffected",
              "version": "6.14.5",
              "versionType": "semver"
            },
            {
              "lessThanOrEqual": "*",
              "status": "unaffected",
              "version": "6.15",
              "versionType": "original_commit_for_fix"
            }
          ]
        }
      ],
      "cpeApplicability": [
        {
          "nodes": [
            {
              "cpeMatch": [
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.12.26",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.14.5",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                },
                {
                  "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                  "versionEndExcluding": "6.15",
                  "versionStartIncluding": "6.12",
                  "vulnerable": true
                }
              ],
              "negate": false,
              "operator": "OR"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu: Clear iommu-dma ops on cleanup\n\nIf iommu_device_register() encounters an error, it can end up tearing\ndown already-configured groups and default domains, however this\ncurrently still leaves devices hooked up to iommu-dma (and even\nhistorically the behaviour in this area was at best inconsistent across\narchitectures/drivers...) Although in the case that an IOMMU is present\nwhose driver has failed to probe, users cannot necessarily expect DMA to\nwork anyway, it\u0027s still arguable that we should do our best to put\nthings back as if the IOMMU driver was never there at all, and certainly\nthe potential for crashing in iommu-dma itself is undesirable. Make sure\nwe clean up the dev-\u003edma_iommu flag along with everything else."
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-11T21:16:50.432Z",
        "orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
        "shortName": "Linux"
      },
      "references": [
        {
          "url": "https://git.kernel.org/stable/c/b14d98641312d972bb3f38e82eddf92898522389"
        },
        {
          "url": "https://git.kernel.org/stable/c/104a84276821aed0ed241ce0d82d6c3267e3fcb8"
        },
        {
          "url": "https://git.kernel.org/stable/c/280e5a30100578106a4305ce0118e0aa9b866f12"
        }
      ],
      "title": "iommu: Clear iommu-dma ops on cleanup",
      "x_generator": {
        "engine": "bippy-1.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
    "assignerShortName": "Linux",
    "cveId": "CVE-2025-37877",
    "datePublished": "2025-05-09T06:45:41.751Z",
    "dateReserved": "2025-04-16T04:51:23.960Z",
    "dateUpdated": "2026-05-11T21:16:50.432Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2025-37877",
      "date": "2026-06-08",
      "epss": "0.00042",
      "percentile": "0.13097"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2025-37877\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-05-09T07:16:08.907\",\"lastModified\":\"2025-11-12T19:53:09.763\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\niommu: Clear iommu-dma ops on cleanup\\n\\nIf iommu_device_register() encounters an error, it can end up tearing\\ndown already-configured groups and default domains, however this\\ncurrently still leaves devices hooked up to iommu-dma (and even\\nhistorically the behaviour in this area was at best inconsistent across\\narchitectures/drivers...) Although in the case that an IOMMU is present\\nwhose driver has failed to probe, users cannot necessarily expect DMA to\\nwork anyway, it\u0027s still arguable that we should do our best to put\\nthings back as if the IOMMU driver was never there at all, and certainly\\nthe potential for crashing in iommu-dma itself is undesirable. Make sure\\nwe clean up the dev-\u003edma_iommu flag along with everything else.\"},{\"lang\":\"es\",\"value\":\"En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: iommu: Clear iommu-dma ops on cleanup Si iommu_device_register() encuentra un error, puede terminar derribando grupos ya configurados y dominios predeterminados, sin embargo, esto actualmente todav\u00eda deja dispositivos conectados a iommu-dma (e incluso hist\u00f3ricamente el comportamiento en esta \u00e1rea era, en el mejor de los casos, inconsistente entre arquitecturas/controladores...) Aunque en el caso de que haya un IOMMU cuyo controlador no haya podido sondear, los usuarios no necesariamente pueden esperar que DMA funcione de todos modos, todav\u00eda se puede argumentar que deber\u00edamos hacer todo lo posible para volver a poner las cosas como si el controlador IOMMU nunca hubiera estado all\u00ed, y ciertamente el potencial de bloqueo en iommu-dma en s\u00ed mismo es indeseable. Aseg\u00farese de limpiar el indicador dev-\u0026gt;dma_iommu junto con todo lo dem\u00e1s.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.12.26\",\"matchCriteriaId\":\"505F343C-3DE3-4984-A2E0-52BAFF9CC7CE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.14.5\",\"matchCriteriaId\":\"6B25CA7E-4CD0-46DB-B4EF-13A3516071FB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.15:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D465631-2980-487A-8E65-40AE2B9F8ED1\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/104a84276821aed0ed241ce0d82d6c3267e3fcb8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/280e5a30100578106a4305ce0118e0aa9b866f12\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/b14d98641312d972bb3f38e82eddf92898522389\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.