CVE-2026-23553

LOW

Xen - Info Disclosure

Title source: llm

Description

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1) vCPU runs on CPU A, running task 1. 2) vCPU moves to CPU B, idle gets scheduled on A. Xen skips IBPB. 3) On CPU B, guest kernel switches from task 1 to 2, issuing IBPB. 4) vCPU moves back to CPU A. Xen skips IBPB again. Now, task 2 is running on CPU A with task 1's training still in the BTB.

References (3)

[Mitigation, Patch, Vendor Advisory] https://xenbits.xenproject.org/xsa/advisory-479.html

[Mailing List, Mitigation, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2026/01/27/3

[Mitigation, Patch, Vendor Advisory] http://xenbits.xen.org/xsa/advisory-479.html

Scores

CVSS v3 2.9

EPSS 0.0003

EPSS Percentile 7.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-665 CWE-693

Status published

Products (1)

xen/xen 4.6.0

Published Jan 28, 2026

Tracked Since Feb 18, 2026