CVE-2025-68760 Overview
CVE-2025-68760 is an out-of-bounds read vulnerability in the AMD Input-Output Memory Management Unit (IOMMU) driver of the Linux kernel. The flaw resides in the iommu_mmio_show() debug handler, which performs an 8-byte (readq()) read while the related write path (iommu_mmio_write()) only validates the user-provided offset against a 4-byte boundary. A user supplying an offset equal to mmio_phys_end - 4 passes the existing check yet triggers a 4-byte out-of-bounds read beyond the mapped MMIO region [CWE-125].
Critical Impact
A local user with access to the AMD IOMMU debug interface can trigger a 4-byte out-of-bounds read from kernel-mapped MMIO memory, potentially leaking adjacent kernel data.
Affected Products
- Linux kernel — AMD IOMMU driver (drivers/iommu/amd/)
- Distributions shipping affected stable kernel branches prior to the upstream fix
- Systems with AMD IOMMU hardware where the debug MMIO interface is exposed
Discovery Timeline
- 2026-01-05 - CVE-2025-68760 published to NVD
- 2026-04-15 - Last updated in NVD database
Technical Details for CVE-2025-68760
Vulnerability Analysis
The AMD IOMMU driver exposes a debug interface that allows reading and writing MMIO registers via offsets supplied from user space. The write-side validation in iommu_mmio_write() enforces the constraint iommu->dbg_mmio_offset > iommu->mmio_phys_end - 4, which assumes a 4-byte access width. The corresponding read handler, iommu_mmio_show(), instead uses readq() to perform a 64-bit access.
When a caller supplies an offset of exactly mmio_phys_end - 4, the boundary check succeeds, but readq() then reads 8 bytes starting at that offset. The final 4 bytes lie outside the validated MMIO range, producing an out-of-bounds read into adjacent kernel-mapped memory.
The upstream fix adjusts the boundary check to use sizeof(u64), aligning the validation with the actual access width performed by readq(). Reference commits include 0ec4aaf5f3f5, a0c7005333f9, and b959df804c33 in the stable kernel tree.
Root Cause
The root cause is a mismatch between the size assumed during input validation and the size of the actual memory operation. The validation logic guarded against a 4-byte read, while the implementation performs an 8-byte readq(). This inconsistency creates a 4-byte window where the bounds check approves an offset that the read operation then overruns.
Attack Vector
Exploitation requires local access to the AMD IOMMU debug interface, which is typically restricted to privileged users. An attacker writes a crafted offset value to the debug control file and then triggers the show handler to perform the oversized read. The disclosed bytes correspond to whatever resides immediately after the IOMMU MMIO mapping in kernel virtual address space.
No verified public proof-of-concept code is available. The vulnerability mechanism is fully described in the upstream patch commits referenced above.
Detection Methods for CVE-2025-68760
Indicators of Compromise
- Unexpected user-space access to AMD IOMMU debugfs entries such as dbg_mmio_offset and related show files on systems where this interface should be unused.
- Kernel log entries referencing the AMD IOMMU driver around boundary-edge offsets near mmio_phys_end.
- Non-root or unexpected processes interacting with /sys/kernel/debug/iommu/ on production hosts.
Detection Strategies
- Audit running kernel versions against the patched stable releases referenced in the kernel.org commits to identify unpatched hosts.
- Monitor for processes opening or writing to AMD IOMMU debugfs files, which should be rare on production workloads.
- Track loaded kernel modules and configuration options that enable the AMD IOMMU debug interface.
Monitoring Recommendations
- Enable Linux audit rules on /sys/kernel/debug/iommu/ to log read and write activity.
- Collect kernel version inventory across the fleet and flag hosts running pre-patch builds of affected stable branches.
- Alert on privilege escalation attempts that precede access to kernel debug interfaces.
How to Mitigate CVE-2025-68760
Immediate Actions Required
- Apply the upstream kernel patches referenced by commits 0ec4aaf5f3f5, a0c7005333f9, and b959df804c33 from your distribution's stable kernel updates.
- Restrict access to /sys/kernel/debug/ so that only root can read or write debugfs entries, which is the standard hardened configuration.
- Inventory AMD-based Linux hosts and prioritize patching systems where debugfs is mounted with broader access.
Patch Information
The fix replaces the hardcoded 4-byte boundary assumption with sizeof(u64) so the validation matches the readq() operation. Refer to the upstream commits: kernel.org commit 0ec4aaf5f3f5, kernel.org commit a0c7005333f9, and kernel.org commit b959df804c33.
Workarounds
- Unmount or restrict debugfs on production systems where it is not required: ensure /sys/kernel/debug is mounted with mode=0700 and owned by root.
- Disable the AMD IOMMU debug interface in kernel build configuration where feasible until patches are deployed.
- Limit local shell and container access on AMD-based hosts to trusted administrators to reduce reachable attack surface.
# Restrict debugfs access to root only
mount -o remount,mode=700 /sys/kernel/debug
# Verify current kernel version against patched stable releases
uname -r
# Confirm AMD IOMMU driver presence
dmesg | grep -i "AMD-Vi"
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

