{"id":"CVE-2025-40300","summary":"x86/vmscape: Add conditional IBPB mitigation","details":"In the Linux kernel, the following vulnerability has been resolved:\n\nx86/vmscape: Add conditional IBPB mitigation\n\nVMSCAPE is a vulnerability that exploits insufficient branch predictor\nisolation between a guest and a userspace hypervisor (like QEMU). Existing\nmitigations already protect kernel/KVM from a malicious guest. Userspace\ncan additionally be protected by flushing the branch predictors after a\nVMexit.\n\nSince it is the userspace that consumes the poisoned branch predictors,\nconditionally issue an IBPB after a VMexit and before returning to\nuserspace. Workloads that frequently switch between hypervisor and\nuserspace will incur the most overhead from the new IBPB.\n\nThis new IBPB is not integrated with the existing IBPB sites. For\ninstance, a task can use the existing speculation control prctl() to\nget an IBPB at context switch time. With this implementation, the\nIBPB is doubled up: one at context switch and another before running\nuserspace.\n\nThe intent is to integrate and optimize these cases post-embargo.\n\n[ dhansen: elaborate on suboptimal IBPB solution ]","modified":"2026-05-18T05:59:32.174149787Z","published":"2025-09-11T16:49:24.809Z","related":["ALSA-2025:19930","ALSA-2025:19931","ALSA-2025:19932","SUSE-SU-2025:03600-1","SUSE-SU-2025:03601-1","SUSE-SU-2025:03614-1","SUSE-SU-2025:03633-1","SUSE-SU-2025:03634-1","SUSE-SU-2025:20851-1","SUSE-SU-2025:20861-1","SUSE-SU-2025:20870-1","SUSE-SU-2025:20898-1","SUSE-SU-2025:21074-1","SUSE-SU-2025:21139-1","SUSE-SU-2025:21179-1","SUSE-SU-2025:3725-1","SUSE-SU-2025:3751-1","SUSE-SU-2026:0411-1","SUSE-SU-2026:0474-1","SUSE-SU-2026:0496-1","SUSE-SU-2026:0617-1","openSUSE-SU-2025:15553-1","openSUSE-SU-2025:20081-1","openSUSE-SU-2026:10301-1"],"database_specific":{"cna_assigner":"Linux","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40300.json"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/11/14/3"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/11/14/4"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/11/14/6"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/11/17/2"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2025/11/17/3"},{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/html/ssa-032379.html"},{"type":"WEB","url":"https://git.kernel.org/stable/c/15006289e5c38b2a830e1fba221977a27598176c"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2f4f2f8f860cb4c3336a7435ebe8dcfded0c9c6e"},{"type":"WEB","url":"https://git.kernel.org/stable/c/2f8f173413f1cbf52660d04df92d0069c4306d25"},{"type":"WEB","url":"https://git.kernel.org/stable/c/34e5667041050711a947e260fc9ebebe08bddee5"},{"type":"WEB","url":"https://git.kernel.org/stable/c/459274c77b37ac63b78c928b4b4e748d1f9d05c8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/510603f504796c3535f67f55fb0b124a303b44c8"},{"type":"WEB","url":"https://git.kernel.org/stable/c/893387c18612bb452336a5881da0d015a7e8f4a2"},{"type":"WEB","url":"https://git.kernel.org/stable/c/9c23a90648e831d611152ac08dbcd1283d405e7f"},{"type":"WEB","url":"https://git.kernel.org/stable/c/ac60717f9a8d21c58617d0b34274babf24135835"},{"type":"WEB","url":"https://git.kernel.org/stable/c/c08192b5d6730a914dee6175bc71092ee6a65f14"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d5490dfa35427a2967e00a4c7a1b95fdbc8ede34"},{"type":"WEB","url":"https://git.kernel.org/stable/c/d7ddc93392e4a7ffcccc86edf6ef3e64c778db52"},{"type":"WEB","url":"https://git.kernel.org/stable/c/f866eef8d1c65504d30923c3f14082ad294d0e6d"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2025/40xxx/CVE-2025-40300.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2025-40300"},{"type":"PACKAGE","url":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"15d45071523d89b3fb7372e2135fbd72f6af9506"},{"fixed":"ac60717f9a8d21c58617d0b34274babf24135835"},{"fixed":"c08192b5d6730a914dee6175bc71092ee6a65f14"},{"fixed":"d5490dfa35427a2967e00a4c7a1b95fdbc8ede34"},{"fixed":"2f4f2f8f860cb4c3336a7435ebe8dcfded0c9c6e"},{"fixed":"15006289e5c38b2a830e1fba221977a27598176c"},{"fixed":"893387c18612bb452336a5881da0d015a7e8f4a2"},{"fixed":"f866eef8d1c65504d30923c3f14082ad294d0e6d"},{"fixed":"34e5667041050711a947e260fc9ebebe08bddee5"},{"fixed":"d7ddc93392e4a7ffcccc86edf6ef3e64c778db52"},{"fixed":"459274c77b37ac63b78c928b4b4e748d1f9d05c8"},{"fixed":"510603f504796c3535f67f55fb0b124a303b44c8"},{"fixed":"9c23a90648e831d611152ac08dbcd1283d405e7f"},{"fixed":"2f8f173413f1cbf52660d04df92d0069c4306d25"}]},{"type":"GIT","repo":"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git","events":[{"introduced":"0"},{"last_affected":"c51f1e5f57cca88d8d5894b6fad1638f643a99d0"},{"last_affected":"4b3870c343a82cd2df7192cc5149c87205dcc611"}]}],"versions":["v4.4.167","v4.4.166","v4.4.165","v4.4.164","v4.4.163","v4.4.162","v4.4.161","v4.4.160","v4.4.159","v4.4.158","v4.4.157","v4.4.156","v4.4.155","v4.4.154","v4.4.153","v4.4.152","v4.4.151","v4.4.150","v4.4.149","v4.4.148","v4.4.147","v4.4.146","v4.4.145","v4.4.144","v4.4.143","v4.4.142","v4.4.141","v4.4.140","v4.4.139","v4.4.138","v3.16.56","v4.4.137","v4.4.136","v4.4.135","v4.4.134","v4.4.133","v4.4.132","v4.4.131","v4.4.130","v4.4.129","v4.4.128","v4.4.127","v4.4.126","v4.4.125","v4.4.124","v4.4.123","v4.4.122","v3.16.55","v4.4.121","v4.4.120","v3.16.54","v4.4.119","v4.4.118","v4.4.117","v4.4.116","v4.4.115","v3.16.53","v4.4.114","v4.4.113","v4.4.112","v4.4.111","v4.4.110","v3.16.52","v4.4.109","v4.4.108","v3.16.51","v4.4.107","v4.4.106","v4.4.105","v4.4.104","v4.4.103","v4.4.102","v3.16.50","v4.4.101","v4.4.100","v4.4.99","v4.4.98","v4.4.97","v3.16.49","v4.4.96","v4.4.95","v4.4.94","v4.4.93","v4.4.92","v3.16.48","v4.4.91","v4.4.90","v4.4.89","v4.4.88","v3.16.47","v4.4.87","v4.4.86","v4.4.85","v4.4.84","v3.16.46","v4.4.83","v4.4.82","v4.4.81","v4.4.80","v4.4.79","v4.4.78","v4.4.77","v3.16.45","v4.4.76","v4.4.75","v3.16.44","v4.4.74","v4.4.73","v4.4.72","v4.4.71","v4.4.70","v3.16.43","v4.4.69","v4.4.68","v4.4.67","v4.4.66","v4.4.65","v4.4.64","v4.4.63","v4.4.62","v4.4.61","v4.4.60","v4.4.59","v3.16.42","v4.4.58","v4.4.57","v4.4.56","v4.4.55","v4.4.54","v3.16.41","v4.4.53","v4.4.52","v3.16.40","v4.4.51","v4.4.50","v3.16.39","v4.4.49","v4.4.48","v4.4.47","v4.4.46","v4.4.45","v4.4.44","v4.4.43","v4.4.42","v4.4.41","v4.4.40","v4.4.39","v4.4.38","v4.4.37","v4.4.36","v4.4.35","v4.4.34","v4.4.33","v3.16.38","v4.4.32","v4.4.31","v4.4.30","v4.4.29","v4.4.28","v4.4.27","v4.4.26","v3.16.37","v4.4.25","v4.4.24","v4.4.23","v4.4.22","v4.4.21","v4.4.20","v4.4.19","v3.16.36","v4.4.18","v4.4.17","v4.4.16","v4.4.15","v4.4.14","v4.4.13","v3.16.35","v4.4.12","v4.4.11","v4.4.10","v4.4.9","v4.4.8","v4.4.7","v4.4.6","v4.4","v4.4.5","v4.4.4","v4.4.3","v4.4.2","v4.4.1","v4.4-rc1","v4.4-rc2","v4.4-rc8","v4.4-rc3","v4.4-rc7","v4.4-rc5","v4.4-rc6","v4.4-rc4","v4.3","v4.3-rc1","v4.3-rc6","v4.3-rc4","v4.3-rc2","v4.3-rc7","v4.3-rc5","v4.3-rc3","v4.2","v4.2-rc2","v4.2-rc1","v4.2-rc8","v4.2-rc4","v4.2-rc6","v4.2-rc7","v4.0-rc5","v4.2-rc5","v4.2-rc3","v4.1-rc2","v4.1","v4.1-rc1","v4.1-rc8","v4.1-rc7","v4.1-rc6","v4.1-rc3","v4.1-rc4","v4.0","v4.1-rc5","v4.0-rc1","v4.0-rc2","v4.0-rc7","v4.0-rc3","v4.0-rc6","v4.0-rc4","v3.19","v3.19-rc7","v3.19-rc5","v3.19-rc1","v3.19-rc6","v3.19-rc4","v3.18-rc1","v3.19-rc3","v3.19-rc2","v3.18","v3.18-rc7","v3.18-rc6","v3.18-rc2","v3.18-rc3","v3.18-rc4","v3.18-rc5","v3.17","v3.16.7","v3.16.6","v3.17-rc1","v3.16.5","v3.17-rc7","v3.16.4","v3.17-rc2","v3.16.3","v3.17-rc4","v3.16","v3.17-rc5","v3.17-rc6","v3.16.2","v3.17-rc3","v3.16.1","v3.16-rc7","v3.16-rc1","v3.16-rc3","v3.16-rc5","v3.16-rc6","v3.16-rc2","v3.16-rc4","v3.13","v3.15","v3.15-rc5","v3.15-rc8","v3.15-rc1","v3.15-rc6","v3.15-rc3","v3.15-rc7","v3.15-rc2","v3.15-rc4","v3.14","v3.14-rc4","v3.14-rc8","v3.14-rc7","v3.14-rc6","v3.14-rc1","v3.14-rc2","v3.14-rc5","v3.14-rc3","v3.13-rc6","v3.13-rc8","v3.12","v3.13-rc7","v3.13-rc1","v3.13-rc4","v3.13-rc3","v3.13-rc5","v3.13-rc2","v3.12-rc7","v3.12-rc3","v3.12-rc6","v3.12-rc1","v3.12-rc5","v3.11","v3.12-rc2","v3.12-rc4","v3.11-rc7","v3.11-rc2","v3.11-rc5","v3.11-rc1","v3.11-rc3","v3.11-rc4","v3.11-rc6","v3.10-rc2","v3.10","v3.10-rc7","v3.10-rc6","v3.10-rc1","v3.10-rc5","v3.10-rc3","v3.10-rc4","v3.9","v3.9-rc2","v3.9-rc7","v3.9-rc8","v3.9-rc3","v3.9-rc6","v3.9-rc5","v3.9-rc4","v3.9-rc1","v3.8","v3.8-rc7","v3.8-rc6","v3.8-rc5","v3.8-rc2","v3.8-rc1","v3.8-rc3","v3.8-rc4","v3.7","v3.7-rc1","v3.6","v3.7-rc6","v3.7-rc7","v3.7-rc3","v3.7-rc8","v3.7-rc2","v3.7-rc4","v3.7-rc5","v3.6-rc7","v3.6-rc1","v3.5-rc3","v3.6-rc6","v3.6-rc5","v3.5","v3.6-rc3","v3.6-rc4","v3.6-rc2","v3.4-rc4","v3.5-rc7","v3.5-rc5","v3.5-rc6","v3.5-rc2","v3.5-rc1","v3.5-rc4","v3.4","v3.4-rc2","v3.4-rc1","v3.4-rc7","v3.4-rc6","v3.4-rc3","v3.4-rc5","v3.3","v3.3-rc6","v3.3-rc3","v3.3-rc7","v3.3-rc2","v3.3-rc5","v3.2","v3.3-rc4","v3.3-rc1","v3.2-rc4","v3.2-rc7","v3.2-rc6","v3.2-rc5","v3.2-rc3","v3.1","v3.2-rc2","v3.2-rc1","v3.1-rc1","v3.1-rc9","v3.1-rc8","v3.1-rc10","v3.1-rc7","v3.1-rc3","v3.1-rc2","v3.1-rc4","v3.1-rc5","v3.0","v3.1-rc6","v3.0-rc7","v3.0-rc4","v3.0-rc6","v3.0-rc5","v3.0-rc3","v3.0-rc1","v2.6.39","v3.0-rc2","v2.6.38","v2.6.39-rc2","v2.6.39-rc7","v2.6.39-rc5","v2.6.39-rc1","v2.6.38-rc7","v2.6.39-rc6","v2.6.39-rc4","v2.6.39-rc3","v2.6.37","v2.6.38-rc1","v2.6.38-rc8","v2.6.38-rc2","v2.6.38-rc6","v2.6.38-rc5","v2.6.38-rc4","v2.6.38-rc3","v2.6.37-rc4","v2.6.37-rc2","v2.6.36","v2.6.37-rc5","v2.6.37-rc8","v2.6.37-rc7","v2.6.37-rc6","v2.6.37-rc1","v2.6.37-rc3","v2.6.36-rc6","v2.6.35-rc4","v2.6.36-rc8","v2.6.35","v2.6.36-rc7","v2.6.36-rc3","v2.6.36-rc5","v2.6.36-rc4","v2.6.36-rc2","v2.6.36-rc1","v2.6.35-rc5","v2.6.35-rc6","v2.6.34","v2.6.35-rc3","v2.6.35-rc1","v2.6.35-rc2","v2.6.34-rc7","v2.6.34-rc6","v2.6.34-rc5","v2.6.34-rc4","v2.6.34-rc3","v2.6.34-rc2","v2.6.34-rc1","v2.6.33","v2.6.33-rc6","v2.6.33-rc8","v2.6.33-rc4","v2.6.33-rc5","v2.6.33-rc3","v2.6.33-rc7","v2.6.33-rc2","v2.6.32","v2.6.33-rc1","v2.6.32-rc8","v2.6.32-rc7","v2.6.32-rc6","v2.6.31","v2.6.32-rc5","v2.6.32-rc4","v2.6.32-rc2","v2.6.32-rc1","v2.6.32-rc3","v2.6.31-rc9","v2.6.31-rc1","v2.6.31-rc7","v2.6.31-rc8","v2.6.31-rc6","v2.6.30-rc6","v2.6.30","v2.6.31-rc4","v2.6.31-rc5","v2.6.31-rc3","v2.6.31-rc2","v2.6.30-rc7","v2.6.30-rc8","v2.6.30-rc5","v2.6.30-rc3","v2.6.30-rc4","v2.6.30-rc1","v2.6.30-rc2","v2.6.29","v2.6.29-rc8","v2.6.29-rc7","v2.6.29-rc5","v2.6.29-rc1","v2.6.29-rc6","v2.6.29-rc4","v2.6.29-rc3","v2.6.29-rc2","v2.6.28","v2.6.28-rc7","v2.6.28-rc9","v2.6.28-rc8","v2.6.28-rc6","v2.6.28-rc5","v2.6.28-rc4","v2.6.28-rc2","v2.6.28-rc3","v2.6.28-rc1","v2.6.27","v2.6.27-rc7","v2.6.27-rc9","v2.6.27-rc8","v2.6.27-rc5","v2.6.27-rc6","v2.6.27-rc4","v2.6.27-rc1","v2.6.27-rc3","v2.6.27-rc2","v2.6.26","v2.6.26-rc9","v2.6.26-rc8","v2.6.26-rc3","v2.6.26-rc7","v2.6.26-rc6","v2.6.26-rc5","v2.6.26-rc4","v2.6.26-rc2","v2.6.26-rc1","v2.6.25","v2.6.25-rc7","v2.6.25-rc9","v2.6.25-rc8","v2.6.25-rc6","v2.6.25-rc5","v2.6.25-rc3","v2.6.25-rc4","v2.6.24","v2.6.25-rc2","v2.6.25-rc1","v2.6.24-rc8","v2.6.24-rc7","v2.6.24-rc6","v2.6.24-rc5","v2.6.24-rc4","v2.6.24-rc3","v2.6.24-rc2","v2.6.24-rc1","v2.6.23","v2.6.23-rc9","v2.6.23-rc8","v2.6.23-rc5","v2.6.23-rc7","v2.6.23-rc6","v2.6.23-rc4","v2.6.23-rc3","v2.6.23-rc2","v2.6.23-rc1","v2.6.22","v2.6.22-rc7","v2.6.22-rc6","v2.6.22-rc5","v2.6.22-rc4","v2.6.22-rc3","v2.6.22-rc2","v2.6.22-rc1","v2.6.21","v2.6.21-rc7","v2.6.21-rc6","v2.6.21-rc5","v2.6.21-rc4","v2.6.21-rc3","v2.6.21-rc2","v2.6.21-rc1","v2.6.20-rc7","v2.6.20-rc6","v2.6.20-rc5","v2.6.20-rc4","v2.6.20-rc3","v2.6.20-rc1","v2.6.20-rc2","v2.6.19-rc2","v2.6.18","v2.6.19-rc1","v2.6.18-rc6","v2.6.18-rc5","v2.6.18-rc3","v2.6.18-rc2","v2.6.18-rc1","v2.6.17","v2.6.17-rc4","v2.6.17-rc6","v2.6.17-rc5","v2.6.17-rc3","v2.6.17-rc2","v2.6.17-rc1","v2.6.16","v2.6.16-rc6","v2.6.16-rc4","v2.6.16-rc5","v2.6.16-rc3","v2.6.16-rc2","v2.6.16-rc1","v2.6.15-rc7","v2.6.15-rc5","v2.6.15-rc4","v2.6.15-rc2","v2.6.15-rc1","v2.6.14-rc3","v2.6.14-rc2","v2.6.14-rc1","v2.6.13","v2.6.13-rc7","v2.6.13-rc6","v2.6.13-rc5","v2.6.13-rc3","v2.6.13-rc4","v2.6.13-rc2","v2.6.13-rc1","v2.6.12-rc4","v2.6.12-rc3","v2.6.12-rc2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40300.json"}},{"package":{"name":"Kernel","ecosystem":"Linux"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"4.16.0"},{"fixed":"5.10.244"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.11.0"},{"fixed":"5.15.193"}]},{"type":"ECOSYSTEM","events":[{"introduced":"5.16.0"},{"fixed":"6.1.152"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.2.0"},{"fixed":"6.6.106"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.7.0"},{"fixed":"6.12.47"}]},{"type":"ECOSYSTEM","events":[{"introduced":"6.13.0"},{"fixed":"6.16.7"}]}],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-40300.json"}}],"schema_version":"1.7.5"}