CVE-2026-43220

Source
https://cve.org/CVERecord?id=CVE-2026-43220
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43220.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2026-43220
Downstream
Related
Published
2026-05-06T11:28:20.905Z
Modified
2026-06-18T03:55:19.817619971Z
Summary
iommu/amd: serialize sequence allocation under concurrent TLB invalidations
Details

In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: serialize sequence allocation under concurrent TLB invalidations

With concurrent TLB invalidations, completion wait randomly gets timed out because cmdsemval was incremented outside the IOMMU spinlock, allowing CMDCOMPLWAIT commands to be queued out of sequence and breaking the ordering assumption in waitonsem(). Move the cmdsemval increment under iommu->lock so completion sequence allocation is serialized with command queuing. And remove the unnecessary return.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43220.json",
    "cna_assigner": "Linux"
}
References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
f2f65b28d802a667119147444ec2ae33eebf9a58
Fixed
d51bf43193b1e95dc4e34e540dc76e19def2ae5a
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
715c263119fd1b918a9fcbd8a36ea5b604a46324
Fixed
fca7aa0264ae99e5ff287d0ced5af0b82b121c4f
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
e15768e68820142077bbca402d8e902f64ade1b0
Fixed
5000ce7fcb31067566a1a1a2e5b5bbff93625242
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
496269d12072ecb219826485bdbec70c92a8eef5
Fixed
48caa7542a795c9679ec1bd1bc2592e05a7369a4
Type
GIT
Repo
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events
Introduced
d2a0cac10597068567d336e85fa3cbdbe8ca62bf
Fixed
9e249c48412828e807afddc21527eb734dc9bd3d

Affected versions

v6.*
v6.12.75
v6.12.76
v6.12.77
v6.12.78
v6.12.79
v6.12.80
v6.12.81
v6.12.82
v6.12.83
v6.12.84
v6.12.85
v6.12.86
v6.12.87
v6.6.128
v6.6.129
v6.6.130
v6.6.131
v6.6.132
v6.6.133
v6.6.134
v6.6.135
v6.6.136
v6.6.137
v6.6.138
v6.6.139

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43220.json"

Linux / Kernel

Package

Name
Kernel

Affected ranges

Type
ECOSYSTEM
Events
Introduced
6.6.128
Fixed
6.6.140
Type
ECOSYSTEM
Events
Introduced
6.12.75
Fixed
6.12.88

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2026-43220.json"