Astra Linux - уязвимость в linux

Aliases in the branch predictor may cause some AMD processors to predict the wrong branch type, potentially leading to information disclosure...

Astra Linux - уязвимость в linux, linux-5.10

The non-transparent sharing of the branch predictor within the context of some Intel processors may allow an authorized user to potentially enable information disclosure through local access...

Astra Linux - уязвимость в linux-5.10, linux

The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ibprctlset function updates the Thread Information Flags TIFs for the task and updates the SPECCTRL MSR in the function speculationctrlupdate, but the IBPB is only issued at the next schedul...

Astra Linux - уязвимость в linux, linux-5.10

The non-transparent sharing of branch predictor selectors between contexts in some Intel processors may allow an authorized user to potentially enable information disclosure through local access...

Astra Linux - уязвимость в linux, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Conditional IBPB mitigation has been added. VMSCAPE is a vulnerability that exploits the insufficient branch predictor isolation between a guest and a userspace hypervisor such as QEMU. Existing mitigations already...

xiangshan-bpu-asid-poc

XiangShan Cross-ASID BPU Leak PoC Minimal proof of concept fo...

SUSE SLED15 / SLES15 Security Update : xen (SUSE-SU-2026:0329-1)

The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0329-1 advisory. - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing XSA-477 bsc1256745 - CVE-2026-23553: Fix...

openSUSE 15 Security Update : xen (SUSE-SU-2026:0306-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0306-1 advisory. - CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing XSA-477 bsc1256745 - CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation...

CVE-2026-23553

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1 vCPU runs on CPU A, running task ...

CVE-2026-23553

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1 vCPU runs on CPU A, running task ...

Security update for xen

This update for xen fixes the following issues: CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing XSA-477 bsc1256745 CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation XSA-479 bsc1256747 Special Instructions and Notes: Please reboot the system after installing this update...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001510)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001510 advisory. Non-transparent sharing of branch predictor selectors between contexts in some IntelR Processors may allow an authorized user to potentially enable information...

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-001518)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001518 advisory. Non-transparent sharing of branch predictor within a context in some IntelR Processors may allow an authorized user to potentially enable information disclosure via...

USN-7939-2: Linux kernel (Azure FIPS) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7939-1: Linux kernel (Azure) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7937-1: Linux kernel (Azure FIPS) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7934-1 linux-azure, linux-azure-6.14 vulnerabilities

It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux...

USN-7933-1: Linux kernel (KVM) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7910-1: Linux kernel (Azure FIPS) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

kernel: x86/vmscape: Add conditional IBPB mitigation

In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor like QEMU. Existing mitigations already protect kernel/KVM...