CVE-2025-39961: 
Linux Kernel vulnerability analysis and mitigation

CVE-2025-39961 was disclosed on October 9, 2025, affecting the Linux kernel's AMD IOMMU host page table implementation. The vulnerability involves a race condition in the page table level increase mechanism, specifically in the iommu/amd/pgtbl component (NVD).

The vulnerability exists in the AMD IOMMU host page table implementation which supports dynamic page table levels up to 6 levels, starting with a 3-level configuration. The issue occurs when the IOMMU IOVA allocator switches from 32-bit to 64-bit addressing. During unmap operations in iommu_v1_unmap_pages(), fetch_pte() reads pgtable->[root/mode] without proper locking, potentially leading to incorrect page table level readings when increase_address_space() is updating pgtable->[root/mode]. The vulnerability has been assigned a CVSS v3.1 score of 5.3 with vector AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:H (Red Hat).

When exploited, this vulnerability can cause iommu_unmap operations to fail and trigger upper layer retry attempts or WARN_ON logs. The impact primarily affects system stability and potentially system availability, with a low impact on integrity and no direct impact on confidentiality (Red Hat).

A fix has been implemented by adding a seqcount mechanism to enable lock-free read operations on the read path, as page table level updates are infrequent and already synchronized with a spinlock. As a temporary workaround, systems can prevent the amd_iommu module from loading (Red Hat).