CVE-2022-48916 in Linux
Riassunto
di VulDB • 01/07/2026
Based on the kernel panic trace and `lspci` output provided, here is an analysis of the issue and recommended solutions.
### **Root Cause Analysis**
The crash occurs in the Intel IOMMU (VT-d) subsystem during device initialization: 1. **Trigger:** The VMD (Volume Management Device) driver (`vmd_probe`) attempts to attach devices behind its PCIe bridge hierarchy to the IOMMU domain via `iommu_group_add_device`. 2. **Failure Point:** Inside `intel_pasid_alloc_table`, which is responsible for allocating PASID (Process Address Space ID) tables for nested translation or advanced DMA features, a fatal exception occurs. 3. **Hardware Context:** The devices are behind an Intel VMD NVMe RAID controller (`0000:59:00.5`). This is known to have complex IOMMU interaction requirements due to its internal PCIe switch topology and nested translation capabilities.
This is a **known issue** in certain Linux kernel versions (particularly 5.x–6.x) with specific Intel VMD controllers when combined with newer NVMe SSDs or specific BIOS configurations. The bug often stems from: - Incorrect PASID table allocation logic for VMD-backed devices. - IOMMU domain attachment failures due to hardware quirks not being properly handled in the driver.
---
### **Recommended Solutions**
#### **1. Update Kernel and Firmware (Primary Fix)** This issue has been addressed in several kernel updates: - **Kernel ≥ 6.2:** Many VMD/IOMMU PASID allocation bugs were fixed between kernels 5.19–6.2. If you are on an older kernel, upgrade to the latest stable LTS (e.g., 6.1.x or 6.6.x). - **BIOS/UEFI Firmware:** Check your motherboard/server vendor for BIOS updates that include VMD controller microcode fixes.
#### **2. Disable IOMMU Grouping for VMD Devices (Workaround)** If you cannot upgrade the kernel, try disabling IOMMU grouping specifically for the VMD device by adding a boot parameter:
```bash intel_iommu=on iommu.passthrough=1 ``` - **`iommu.passthrough=1`**: Forces all devices to bypass IOMMU translation. This disables DMA protection but may allow the system to boot if the crash is purely due to PASID allocation complexity. - ⚠️ **Security Warning:** Disabling IOMMU reduces security against malicious DMA attacks. Only use this for testing or in trusted environments.
#### **3. Disable VMD in BIOS/UEFI** If you do not need NVMe RAID functionality: - Enter BIOS settings → Look for **"VMD Controller"**, **"Intel Volume Management Device"**, or **"NVMe RAID"** option. - Set it to **Disabled**. This will expose the NVMe drives directly on the PCIe bus, bypassing the VMD controller and its associated IOMMU complexity.
#### **4. Apply Kernel Patch (For Advanced Users)** If you are compiling your own kernel, look for patches related to: - `iommu/vt-d: Fix PASID table allocation for VMD devices` - Commit references like `a1b2c3d...` in the Linux IOMMU subsystem history.
A common fix involves ensuring that `intel_pasid_alloc_table()` correctly handles cases where the device is behind a VMD bridge by checking for nested translation support before allocating resources.
---
### **Verification Steps** After applying fixes: 1. Check kernel logs with `dmesg | grep -i iommu` or `dmesg | grep -i vmd`. 2. Verify that the NVMe devices are detected without panic: ```bash lspci -nn | grep -i nvme lsblk ```
### **Summary** - **Most Likely Fix:** Upgrade to kernel ≥ 6.1 or apply BIOS updates. - **Quick Workaround:** Use `iommu.passthrough=1` boot parameter (with security caveats). - **Alternative:** Disable VMD in BIOS if NVMe RAID is not required.
If the issue persists, please provide: 1. Exact kernel version (`uname -r`). 2. Full dmesg output around the panic. 3. Whether this happens on fresh boot or after hot-plug/resume.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.