In the Linux kernel, the following vulnerability has been resolved:
iommu/amd: serialize sequence allocation under concurrent TLB invalidations
With concurrent TLB invalidations, completion wait randomly gets timed out because cmdsemval was incremented outside the IOMMU spinlock, allowing CMDCOMPLWAIT commands to be queued out of sequence and breaking the ordering assumption in waitonsem(). Move the cmdsemval increment under iommu->lock so completion sequence allocation is serialized with command queuing. And remove the unnecessary return.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/43xxx/CVE-2026-43220.json",
"cna_assigner": "Linux"
}