CVE-2025-68760

05.01.2026, 10:15

In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show

In iommu_mmio_write(), it validates the user-provided offset with the
check: `iommu->dbg_mmio_offset > iommu->mmio_phys_end - 4`.
This assumes a 4-byte access. However, the corresponding
show handler, iommu_mmio_show(), uses readq() to perform an 8-byte
(64-bit) read.

If a user provides an offset equal to `mmio_phys_end - 4`, the check
passes, and will lead to a 4-byte out-of-bounds read.

Fix this by adjusting the boundary check to use sizeof(u64), which
corresponds to the size of the readq() operation.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	UNKNOWN				---
Linux	CNA	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 3%

Debian Releases

Debian Product

Codename

linux

bullseye	5.10.223-1 not-affected
trixie	6.12.57-1 not-affected
bookworm	6.1.148-1 not-affected
bullseye (security)	5.10.247-1 fixed
bookworm (security)	6.1.158-1 fixed
trixie (security)	6.12.48-1 fixed
forky	6.17.13-1 fixed
sid	6.18.3-1 fixed

Vulnerability Media Exposure

[GERMAN] Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder um nicht spezifizierte Auswirkungen zu erzielen.
Published: 2026-01-04T23:00:00+00:00

References

https://git.kernel.org/stable/c/0ec4aaf5f3f559716a6559f3d6d9616e9470bed6

https://git.kernel.org/stable/c/a0c7005333f9a968abb058b1d77bbcd7fb7fd1e7

https://git.kernel.org/stable/c/b959df804c33913dbfdb90750f2d693502b3d126