CVE-2026-45894
Intel · VT-d
An improper IOMMU configuration in Intel VT-d allows a race condition when PASID entries are torn down.
Executive summary
A high-severity vulnerability in Intel VT-d hardware virtualization can lead to memory corruption or potential privilege escalation.
Vulnerability
The vulnerability exists because the Present bit in the Intel VT-d Scalable Mode PASID table entry is not cleared before the entry is torn down. The entry therefore remains marked Present while it is being dismantled, which leaves a window for invalid memory access.
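The ordering problem described above can be shown with a small model. This is an added example, not code from the advisory or from the Linux kernel. It assumes a 512-bit entry stored as eight 64-bit words with Present at bit 0 of word 0, a hardware walk that reads word 0 first and the remaining words later, and a drain step after Present is cleared; the names torn_walks and live_entry and all sample values are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define WORDS 8        /* assumed: 512-bit entry held as 8 x 64-bit words */
#define P_BIT 1ULL     /* assumed: Present is bit 0 of word 0 */
#define MAX_SNAPS 16

struct pasid_entry { uint64_t val[WORDS]; };

/* Constructed live entry: every field non-zero, Present set. */
static struct pasid_entry live_entry(void) {
    struct pasid_entry e;
    for (int i = 0; i < WORDS; i++) e.val[i] = 0x1000ULL * (uint64_t)(i + 1);
    e.val[0] |= P_BIT;
    return e;
}

/* Count modelled hardware walks that read Present=1 at store index s and
 * then read the remaining words at store index e >= s after they changed.
 * clear_present_first = 0: entry is zeroed word by word (Present not cleared first).
 * clear_present_first = 1: Present cleared, in-flight walks drained, then zeroed. */
int torn_walks(int clear_present_first) {
    struct pasid_entry orig = live_entry(), cur = orig, snap[MAX_SNAPS];
    int n = 0, drain = -1, torn = 0;
    snap[n++] = cur;                       /* state before teardown starts */
    if (clear_present_first) {
        cur.val[0] &= ~P_BIT;
        snap[n++] = cur;
        drain = n - 1;                     /* assumed: walks in flight finish here */
    }
    for (int i = 0; i < WORDS; i++) { cur.val[i] = 0; snap[n++] = cur; }
    for (int s = 0; s < n; s++) {
        if (!(snap[s].val[0] & P_BIT)) continue;   /* walk stops: not present */
        for (int e = s; e < n; e++) {
            int end = (drain >= 0 && s <= drain && e > drain) ? drain : e;
            for (int i = 1; i < WORDS; i++)
                if (snap[end].val[i] != orig.val[i]) { torn++; break; }
        }
    }
    return torn;
}

int main(void) {
    printf("torn walks, Present left set: %d\n", torn_walks(0));
    printf("torn walks, Present cleared first: %d\n", torn_walks(1));
    return 0;
}
```

In this model a walk that saw Present set can go on to read fields that teardown has already overwritten unless Present is cleared and in-flight walks finish before the rest of the entry is touched.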
Business impact
A CVSS score of 7.8 reflects the severity of this hardware-level memory management issue. Exploitation could allow an attacker to bypass virtualization protections, leading to cross-VM information disclosure or system-level compromise.
Remediation
Immediate Action: Apply the latest security patches for the Linux kernel that address Intel VT-d IOMMU management.
Proactive Monitoring: Monitor system health and virtualization logs for anomalies related to IOMMU or hardware-assisted virtualization.
Compensating Controls: Ensure that virtualization hosts are running fully patched firmware and kernels to maintain hardware isolation.
Exploitation status
Public Exploit Available: false
Analyst recommendation
Organizations utilizing Intel-based virtualization should treat this as a high-priority update. Updating the kernel and firmware is critical to maintaining the security boundary between virtualized instances.