{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2025-21876","assignerOrgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","state":"PUBLISHED","assignerShortName":"Linux","dateReserved":"2024-12-29T08:45:45.781Z","datePublished":"2025-03-27T14:57:06.802Z","dateUpdated":"2026-05-11T21:08:13.883Z"},"containers":{"cna":{"providerMetadata":{"orgId":"416baaa9-dc9f-4396-8d5f-8c081fb06d67","shortName":"Linux","dateUpdated":"2026-05-11T21:08:13.883Z"},"descriptions":[{"lang":"en","value":"In the Linux kernel, the following vulnerability has been resolved:\n\niommu/vt-d: Fix suspicious RCU usage\n\nCommit <d74169ceb0d2> (\"iommu/vt-d: Allocate DMAR fault interrupts\nlocally\") moved the call to enable_drhd_fault_handling() to a code\npath that does not hold any lock while traversing the drhd list. Fix\nit by ensuring the dmar_global_lock lock is held when traversing the\ndrhd list.\n\nWithout this fix, the following warning is triggered:\n =============================\n WARNING: suspicious RCU usage\n 6.14.0-rc3 #55 Not tainted\n -----------------------------\n drivers/iommu/intel/dmar.c:2046 RCU-list traversed in non-reader section!!\n               other info that might help us debug this:\n               rcu_scheduler_active = 1, debug_locks = 1\n 2 locks held by cpuhp/1/23:\n #0: ffffffff84a67c50 (cpu_hotplug_lock){++++}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n #1: ffffffff84a6a380 (cpuhp_state-up){+.+.}-{0:0}, at: cpuhp_thread_fun+0x87/0x2c0\n stack backtrace:\n CPU: 1 UID: 0 PID: 23 Comm: cpuhp/1 Not tainted 6.14.0-rc3 #55\n Call Trace:\n  <TASK>\n  dump_stack_lvl+0xb7/0xd0\n  lockdep_rcu_suspicious+0x159/0x1f0\n  ? __pfx_enable_drhd_fault_handling+0x10/0x10\n  enable_drhd_fault_handling+0x151/0x180\n  cpuhp_invoke_callback+0x1df/0x990\n  cpuhp_thread_fun+0x1ea/0x2c0\n  smpboot_thread_fn+0x1f5/0x2e0\n  ? __pfx_smpboot_thread_fn+0x10/0x10\n  kthread+0x12a/0x2d0\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork+0x4a/0x60\n  ? __pfx_kthread+0x10/0x10\n  ret_from_fork_asm+0x1a/0x30\n  </TASK>\n\nHolding the lock in enable_drhd_fault_handling() triggers a lockdep splat\nabout a possible deadlock between dmar_global_lock and cpu_hotplug_lock.\nThis is avoided by not holding dmar_global_lock when calling\niommu_device_register(), which initiates the device probe process."}],"affected":[{"product":"Linux","vendor":"Linux","defaultStatus":"unaffected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iommu/intel/dmar.c","drivers/iommu/intel/iommu.c"],"versions":[{"version":"d74169ceb0d2e32438946a2f1f9fc8c803304bd6","lessThan":"4117c72938493a77ab53cc4b8284be8fb6ec8065","status":"affected","versionType":"git"},{"version":"d74169ceb0d2e32438946a2f1f9fc8c803304bd6","lessThan":"c603ccbe91d189849e1439134598ec567088dcec","status":"affected","versionType":"git"},{"version":"d74169ceb0d2e32438946a2f1f9fc8c803304bd6","lessThan":"b150654f74bf0df8e6a7936d5ec51400d9ec06d8","status":"affected","versionType":"git"}]},{"product":"Linux","vendor":"Linux","defaultStatus":"affected","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","programFiles":["drivers/iommu/intel/dmar.c","drivers/iommu/intel/iommu.c"],"versions":[{"version":"6.10","status":"affected"},{"version":"0","lessThan":"6.10","status":"unaffected","versionType":"semver"},{"version":"6.12.18","lessThanOrEqual":"6.12.*","status":"unaffected","versionType":"semver"},{"version":"6.13.6","lessThanOrEqual":"6.13.*","status":"unaffected","versionType":"semver"},{"version":"6.14","lessThanOrEqual":"*","status":"unaffected","versionType":"original_commit_for_fix"}]}],"cpeApplicability":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.12.18"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.13.6"},{"vulnerable":true,"criteria":"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*","versionStartIncluding":"6.10","versionEndExcluding":"6.14"}]}]}],"references":[{"url":"https://git.kernel.org/stable/c/4117c72938493a77ab53cc4b8284be8fb6ec8065"},{"url":"https://git.kernel.org/stable/c/c603ccbe91d189849e1439134598ec567088dcec"},{"url":"https://git.kernel.org/stable/c/b150654f74bf0df8e6a7936d5ec51400d9ec06d8"}],"title":"iommu/vt-d: Fix suspicious RCU usage","x_generator":{"engine":"bippy-1.2.0"}}}}