ACK: [SRU][P/N/J][PATCH 0/3] VMSCAPE CVE-2025-40300 (LP: #2124105)
Alessio Faina
alessio.faina at canonical.com
Fri Sep 19 06:52:44 UTC 2025
On Wed, Sep 17, 2025 at 02:22:35PM +0200, Massimiliano Pellizzer wrote:
> BugLink: https://bugs.launchpad.net/bugs/2124105
>
> [ Impact ]
>
> VMSCAPE is a vulnerability affecting a broad range of amd64 CPUs
> that may allow a guest to influence the branch prediction in host userspace.
> It particularly affects hypervisors like QEMU.
>
> Even if a hypervisor does not have any sensitive data like disk encryption keys,
> guest userspace may be able to attack the guest kernel using the hypervisor
> as a confused deputy.
>
> [ Fix ]
>
> Backport the following patchset to all affected series:
> - 9969779d0803 Documentation/hw-vuln: Add VMSCAPE documentation
> - a508cec6e521 x86/vmscape: Enumerate VMSCAPE bug
> - 2f8f173413f1 x86/vmscape: Add conditional IBPB mitigation
> - 556c1ad666ad x86/vmscape: Enable the mitigation
> - 6449f5baf9c7 x86/bugs: Move cpu_bugs_smt_update() down
> - b7cc98872315 x86/vmscape: Warn when STIBP is disabled with SMT
> - 8a68d64bb103 x86/vmscape: Add old Intel CPUs to affected list
>
> [ Test Plan ]
>
> Boot the kernel on a system having a vulnerable CPU.
> Fine tune the PoC (https://github.com/comsec-group/vmscape/tree/main/vmscape)
> considering the CPU on which the kernel is running.
> Run the PoC and make sure that it fails.
>
> [ Regression Potential ]
>
> The regression potential is moderate, since the patches add conditional
> IBPB flushing on VMEXIT for the CPUs affected by the vulnerability.
> Any issue would be limited to measurable performance regressions for
> VM-heavy workloads that trigger frequent VMEXITs (due to IBPB overhead).
>
> --
> kernel-team mailing list
> kernel-team at lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
Acked-by: Alessio Faina <alessio.faina at canonical.com>
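A pre-check for the test plan in the quoted cover letter, added here as an example (it is not part of the cover letter, the SRU, or the upstream patches): before spending time tuning the PoC, confirm that the booted kernel actually carries the mitigation and that the CPU is one the kernel flags. The script assumes the sysfs entry /sys/devices/system/cpu/vulnerabilities/vmscape and the "vmscape" token in the "bugs" line of /proc/cpuinfo that the listed upstream patches add; the exact "Mitigation: ..." wording is illustrative (only the prefix is matched), and the cpuinfo excerpts are constructed, not captured from hardware.

```shell
#!/bin/sh
# Added example, not part of the SRU cover letter or of the upstream patches.
# Verifies that a booted kernel reports the VMSCAPE mitigation before the
# PoC from the test plan is run.
#
# Assumptions (check them against the backport under test):
#   - the patches add /sys/devices/system/cpu/vulnerabilities/vmscape and
#     report "Not affected", "Vulnerable" or "Mitigation: ..." there
#   - an affected CPU lists "vmscape" in the "bugs" line of /proc/cpuinfo

VMSCAPE_SYSFS=/sys/devices/system/cpu/vulnerabilities/vmscape

# classify_vmscape STRING
# Map the sysfs text to one of: unaffected, mitigated, vulnerable, unknown.
classify_vmscape() {
    case "$1" in
        "Not affected") echo unaffected ;;
        Mitigation:*)   echo mitigated ;;
        Vulnerable*)    echo vulnerable ;;
        *)              echo unknown ;;
    esac
}

# check_vmscape_file [FILE]
# Classify FILE (default: the sysfs entry). A missing file means the running
# kernel predates the mitigation patches and cannot report its state at all.
check_vmscape_file() {
    f="${1:-$VMSCAPE_SYSFS}"
    if [ ! -r "$f" ]; then
        echo missing
        return 0
    fi
    classify_vmscape "$(cat "$f")"
}

# cpu_lists_vmscape CPUINFO_TEXT
# Exit 0 when the first "bugs" line of CPUINFO_TEXT names vmscape, 1 otherwise.
cpu_lists_vmscape() {
    printf '%s\n' "$1" | grep -m1 '^bugs' | grep -qw vmscape
}

# verdict SYSFS_CLASS LISTED(yes|no)
# Combine both signals into the outcome the test plan is after.
verdict() {
    case "$1:$2" in
        mitigated:yes)  echo "affected CPU, mitigation active: run the PoC, it must fail" ;;
        vulnerable:yes) echo "affected CPU, mitigation disabled: the PoC may succeed" ;;
        unaffected:*)   echo "CPU not affected: the PoC is not meaningful here" ;;
        missing:*)      echo "no vmscape sysfs entry: kernel lacks the patches" ;;
        *)              echo "inconsistent state ($1, bugs lists vmscape: $2)" ;;
    esac
}

# Constructed sample cpuinfo excerpts (not captured from real hardware).
SAMPLE_CPUINFO_AFFECTED='model name : constructed sample
bugs : spectre_v1 spectre_v2 spec_store_bypass vmscape'
SAMPLE_CPUINFO_CLEAN='model name : constructed sample
bugs : spectre_v1 spectre_v2'

# Live check of the running kernel; prints "missing" on an unpatched kernel.
if [ -r /proc/cpuinfo ] && cpu_lists_vmscape "$(cat /proc/cpuinfo)"; then
    listed=yes
else
    listed=no
fi
echo "vmscape: $(verdict "$(check_vmscape_file)" "$listed")"
```

Run it as root or any user on the booted SRU kernel; sysfs vulnerability files are world-readable. A "missing" verdict on a kernel that is supposed to carry the backport is itself a test failure, independent of what the PoC does.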