| The vulnerability, CVE-2021-47035, lies in the Intel IOMMU (Input/Output Memory Management Unit) driver's handling of second-level paging entries. Specifically, when using the first-level page table for IOVA (I/O Virtual Address) translation, only Read-Only and Read-Write permissions are supported, whereas Write-Only permission is not allowed as it would imply setting the PRESENT bit, which always implies Read permission. However, when using second-level paging entries, separate permissions were granted, including Write-Only, which is inconsistent with the first-level behavior. |
| The issue was introduced in Linux kernel version 5.6 and fixed in versions 5.10.37, 5.10.38, 5.11.21, and 5.12.4, as well as in version 5.13. The affected file is `drivers/iommu/intel/iommu.c`. |
| The mitigation for this vulnerability is to update to the latest stable kernel version, which includes not only this fix but also many other bugfixes. Cherry-picking individual commits is not recommended or supported by the Linux kernel community. If updating to the latest release is impossible, the individual changes can be found in the specified commit hashes. |
