CVE-2025-68760

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
05/01/2026
Last modified:
15/04/2026

Description

In the Linux kernel, the following vulnerability has been resolved:

iommu/amd: Fix potential out-of-bounds read in iommu_mmio_show

In iommu_mmio_write(), it validates the user-provided offset with the check: `iommu->dbg_mmio_offset > iommu->mmio_phys_end - 4`. This assumes a 4-byte access. However, the corresponding show handler, iommu_mmio_show(), uses readq() to perform an 8-byte (64-bit) read.

If a user provides an offset equal to `mmio_phys_end - 4`, the check passes, and will lead to a 4-byte out-of-bounds read.

Fix this by adjusting the boundary check to use sizeof(u64), which corresponds to the size of the readq() operation.
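The width mismatch described above, as an added user-space model (not the kernel's code): it compares the pre-fix and post-fix bounds checks against an 8-byte read. `MODEL_MMIO_END`, the function names and the byte-granular offset sweep (no alignment rule is modelled) are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed value standing in for iommu->mmio_phys_end. */
#define MODEL_MMIO_END 0x4000u

/* Pre-fix check as described: only offsets > end - 4 are rejected. */
static int old_check_accepts(uint64_t off, uint64_t end)
{
    return !(off > end - 4);
}

/* Post-fix check as described: bounded by the size of the readq() access. */
static int new_check_accepts(uint64_t off, uint64_t end)
{
    return !(off > end - sizeof(uint64_t));
}

/* Number of bytes of a `width`-byte read at `off` that lie past `end`. */
static size_t bytes_past_end(uint64_t off, uint64_t end, size_t width)
{
    uint64_t last = off + width;
    return last > end ? (size_t)(last - end) : 0;
}

/* Count offsets a check accepts that would overrun with an 8-byte read. */
static unsigned count_overrunning(int (*accepts)(uint64_t, uint64_t), uint64_t end)
{
    unsigned n = 0;
    for (uint64_t off = 0; off < end; off++)
        if (accepts(off, end) && bytes_past_end(off, end, sizeof(uint64_t)))
            n++;
    return n;
}

int main(void)
{
    uint64_t end = MODEL_MMIO_END, off = end - 4;
    printf("offset end-4: old=%d new=%d, 8-byte read overruns by %zu bytes\n",
           old_check_accepts(off, end), new_check_accepts(off, end),
           bytes_past_end(off, end, sizeof(uint64_t)));
    printf("accepted offsets that overrun: old=%u new=%u\n",
           count_overrunning(old_check_accepts, end),
           count_overrunning(new_check_accepts, end));
    return 0;
}
```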

Impact