
group.of.nepali.translators team mailing list archive

[Bug 2124105] Re: VMSCAPE CVE-2025-40300

 

** Also affects: linux (Ubuntu Trusty)
   Importance: Undecided
       Status: New

** Changed in: linux (Ubuntu Trusty)
   Importance: Undecided => High

** Changed in: linux (Ubuntu Trusty)
     Assignee: (unassigned) => Cengiz Can (cengizcan)

** Changed in: linux (Ubuntu Trusty)
       Status: New => Fix Committed

** Changed in: linux (Ubuntu Xenial)
       Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Bionic)
       Status: In Progress => Fix Committed

** Changed in: linux (Ubuntu Focal)
       Status: In Progress => Fix Committed

-- 
You received this bug notification because you are a member of नेपाली
भाषा समायोजकहरुको समूह, which is subscribed to Xenial.
Matching subscriptions: Ubuntu 16.04 Bugs
https://bugs.launchpad.net/bugs/2124105

Title:
  VMSCAPE CVE-2025-40300

Status in linux package in Ubuntu:
  In Progress
Status in linux source package in Trusty:
  Fix Committed
Status in linux source package in Xenial:
  Fix Committed
Status in linux source package in Bionic:
  Fix Committed
Status in linux source package in Focal:
  Fix Committed
Status in linux source package in Jammy:
  In Progress
Status in linux source package in Noble:
  In Progress
Status in linux source package in Plucky:
  In Progress
Status in linux source package in Questing:
  In Progress

Bug description:
  [ Impact ]

  VMSCAPE is a vulnerability, affecting a broad range of amd64 CPUs,
  that may allow a guest to influence the branch prediction in host userspace.
  It particularly affects hypervisors like QEMU.

  Even if a hypervisor may not have any sensitive data like disk encryption keys,
  guest-userspace may be able to attack the guest-kernel using the hypervisor
  as a confused deputy.

  [ Fix ]

  Backport the following patchset to all affected series:
  - 9969779d0803 Documentation/hw-vuln: Add VMSCAPE documentation
  - a508cec6e521 x86/vmscape: Enumerate VMSCAPE bug
  - 2f8f173413f1 x86/vmscape: Add conditional IBPB mitigation
  - 556c1ad666ad x86/vmscape: Enable the mitigation
  - 6449f5baf9c7 x86/bugs: Move cpu_bugs_smt_update() down
  - b7cc98872315 x86/vmscape: Warn when STIBP is disabled with SMT
  - 8a68d64bb103 x86/vmscape: Add old Intel CPUs to affected list

  [ Test Plan ]

  Boot the kernel on a system having a vulnerable CPU.
  Fine tune the PoC (https://github.com/comsec-group/vmscape/tree/main/vmscape)
  considering the CPU on which the kernel is running.
  Run the PoC and make sure that it fails.

  [ Regression Potential ]

  The regression potential is moderate, since the patches add conditional
  IBPB flushing on VMEXIT for the CPUs affected by the vulnerability.
  Any issue would be limited to measurable performance regressions for
  VM-heavy workloads that trigger frequent VMEXITs (due to IBPB overhead).

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/2124105/+subscriptions
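
A complementary check for the test plan above, added here as an example and not part of the bug report or the patchset: it reads the state the booted kernel reports for VMSCAPE. The sysfs path and status strings are taken from the upstream kernel's hw-vuln documentation and are assumed to be unchanged in the backports; the function names and the --check flag are hypothetical.

```shell
#!/bin/sh
# Added example: classify the VMSCAPE state reported by the running kernel.
# Assumption: the backported kernels expose the same sysfs file and status
# strings as upstream ("Not affected", "Vulnerable", "Mitigation: IBPB ...").
VMSCAPE_SYSFS=/sys/devices/system/cpu/vulnerabilities/vmscape

classify_vmscape() {
    # $1: status line as read from sysfs (empty when the file is missing)
    case "$1" in
        "Not affected"*)     echo not-affected ;;
        "Mitigation: IBPB"*) echo mitigated ;;
        "Vulnerable"*)       echo vulnerable ;;
        "")                  echo unknown-kernel ;;  # no VMSCAPE enumeration
        *)                   echo unrecognized ;;
    esac
}

read_vmscape() {
    # $1: optional path override, used for offline testing
    f=${1:-$VMSCAPE_SYSFS}
    if [ -r "$f" ]; then
        cat "$f"
    fi
}

check_vmscape() {
    # Prints the classification; returns 0 only for a safe state, so a
    # kernel without the enumeration patch fails the check as well.
    state=$(classify_vmscape "$(read_vmscape "$1")")
    echo "$state"
    case "$state" in
        mitigated|not-affected) return 0 ;;
        *) return 1 ;;
    esac
}

# Run against the live system only when asked: sh script.sh --check
if [ "${1:-}" = "--check" ]; then
    check_vmscape
    exit $?
fi
```

A result of unknown-kernel means the file is absent, which is what a kernel without the "Enumerate VMSCAPE bug" patch would show.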
