On Sapphire Rapids and related platforms, the DSA and IAA devices have an erratum (INTEL-SA-01084) that causes direct access (for example, by using the ENQCMD or MOVDIR64 instructions) from untrusted applications to be a security problem.
The CVE is public now: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01084.html
The fix went public today in Linus' tree with the following commits:
95feb3160eef ("VFIO: Add the SPR_DSA and SPR_IAX devices to the denylist")
e11452eb071b ("dmaengine: idxd: add a new security check to deal with a hardware erratum")
6827738dc684 ("dmaengine: idxd: add a write() method for applications to submit work")
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2280396]