CVE-2026-23553
Branch Target Buffer Side-Channel in Xen vCPU Context Switch Logic
Publication date: 2026-01-28
Last updated on: 2026-02-09
Assigner: Xen Project
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xen | xen | From 4.6.0 (inclusive) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-693 | The product does not use or incorrectly uses a protection mechanism that provides sufficient defense against directed attacks against the product. |
| CWE-665 | The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in Xen's context switch logic where Xen attempts to skip an Indirect Branch Prediction Barrier (IBPB) when a virtual CPU (vCPU) returns to a physical CPU on which it was the previous vCPU to run. While this skipping is safe for isolation between vCPUs, it prevents the guest kernel from correctly isolating between different tasks. As a result, the Branch Target Buffer (BTB) may retain training from a previous task, potentially allowing information leakage between tasks.
How can this vulnerability impact me?
The vulnerability can lead to improper isolation between tasks running on the same CPU core, where the Branch Target Buffer (BTB) retains information from a previous task. This could potentially allow a task to infer or leak information about a previously running task, leading to a low-severity information disclosure risk.