Bug 2394627 (CVE-2025-40300)
| Summary: | CVE-2025-40300 kernel: x86/vmscape: Add conditional IBPB mitigation | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | Keywords: | Security |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
In the Linux kernel, the following vulnerability has been resolved: x86/vmscape: Add conditional IBPB mitigation VMSCAPE is a vulnerability that exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU). Existing mitigations already protect kernel/KVM from a malicious guest. Userspace can additionally be protected by flushing the branch predictors after a VMexit. Since it is the userspace that consumes the poisoned branch predictors, conditionally issue an IBPB after a VMexit and before returning to userspace. Workloads that frequently switch between hypervisor and userspace will incur the most overhead from the new IBPB. This new IBPB is not integrated with the existing IBPB sites. For instance, a task can use the existing speculation control prctl() to get an IBPB at context switch time. With this implementation, the IBPB is doubled up: one at context switch and another before running userspace. The intent is to integrate and optimize these cases post-embargo. [ dhansen: elaborate on suboptimal IBPB solution ]
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
OSIDB Bzimport
2025-09-11 17:03:18 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:19932 https://access.redhat.com/errata/RHSA-2025:19932 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:19930 https://access.redhat.com/errata/RHSA-2025:19930 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2025:19931 https://access.redhat.com/errata/RHSA-2025:19931 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2025:21112 https://access.redhat.com/errata/RHSA-2025:21112 This issue has been addressed in the following products: Red Hat Enterprise Linux 10 Via RHSA-2025:21118 https://access.redhat.com/errata/RHSA-2025:21118 Upstream advisory: https://lore.kernel.org/linux-cve-announce/2025091128-CVE-2025-40300-5569@gregkh/ This issue has been addressed in the following products: Red Hat Enterprise Linux 9.4 Extended Update Support Via RHSA-2025:21760 https://access.redhat.com/errata/RHSA-2025:21760 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2025:22006 https://access.redhat.com/errata/RHSA-2025:22006 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:22066 https://access.redhat.com/errata/RHSA-2025:22066 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions Red Hat Enterprise Linux 8.8 Telecommunications Update Service Via RHSA-2025:22072 https://access.redhat.com/errata/RHSA-2025:22072 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2025:22087 https://access.redhat.com/errata/RHSA-2025:22087 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:22095 https://access.redhat.com/errata/RHSA-2025:22095 This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions Via RHSA-2025:22124 https://access.redhat.com/errata/RHSA-2025:22124 This issue has been addressed in the following products: Red Hat Enterprise Linux 10.0 Extended Update Support Via RHSA-2026:0271 https://access.redhat.com/errata/RHSA-2026:0271 |