What is CVE-2025-40058?

CVE-2025-40058 is a unscored severity Linux kernel vulnerability, affecting Linux kernel versions from 6.7 onward and patched in 6.12.53, 6.17.3 and 6.18. CVE-2025-40058 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2025-40058?

CVE-2025-40058 has a CVSS score of pending NVD analysis out of 10, rated awaiting scoring severity.

Is there a patch available for CVE-2025-40058?

Yes, CVE-2025-40058 has been patched. Fixed versions include 6.12.53, 6.17.3 and 6.18. If you are running Linux kernel 6.7 or later up to the fix versions, apply the relevant patch for your kernel branch.

Is CVE-2025-40058 actively exploited?

CVE-2025-40058 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2025-40058

In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tracking if incoherent page walk Dirty page tracking relies on the IOMMU atomically updating the dirty bit in the paging-structure entry. For this operation to succeed, the paging- structure memory must be coherent between the IOMMU and the CPU. In another word, if the iommu page walk is incoherent, dirty page tracking doesn't work. The Intel VT-d specification, Section 3.10 "Snoop Behavior" states: "Remapping hardware encountering the need to atomically update A/EA/D bits in a paging-structure entry that is not snooped will result in a non- recoverable fault." To prevent an IOMMU from being incorrectly configured for dirty page tracking when it is operating in an incoherent mode, mark SSADS as supported only when both ecap_slads and ecap_smpwc are supported.

Package Linux Kernel

Published 2025-10-28

Last modified 2026-04-15

Patch available

Yes

Affected versions

Linux kernel versions 6.7 and later are affected. Fixed in 6.12.53, 6.17.3, 6.18 and their respective stable series.

Affected from

≥ 6.7

Fixed in

✓ 6.12.53 6.12.x ✓ 6.17.3 6.17.x ✓ 6.18

References

The following references provide additional information about CVE-2025-40058 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel patch commit
https://git.kernel.org/stable/c/57f55048e564dedd8a4546d018e29d6bbfff0a7e
Patch
Kernel patch commit
https://git.kernel.org/stable/c/8d096ce0e87bdc361f0b25d7943543bc53aa0b9e
Patch
Kernel patch commit
https://git.kernel.org/stable/c/ebe16d245a00626bb87163862a1b07daf5475a3e
Patch

Frequently asked questions

What is CVE-2025-40058?

CVE-2025-40058 is a unscored severity Linux kernel vulnerability . It affects Linux kernel versions from 6.7 onward and has been patched in 6.12.53, 6.17.3 and 6.18. CVE-2025-40058 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
Is there a patch available for CVE-2025-40058?

Yes — CVE-2025-40058 has been patched. Fixed versions include 6.12.53, 6.17.3 and 6.18. If you are running Linux kernel 6.7 or later up to the fix versions, apply the relevant patch for your kernel branch.
Is CVE-2025-40058 actively exploited?

No — CVE-2025-40058 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.