Main Vulnerability Database SB2026042079

SB2026042079 - Information disclosure in Xen

Published: April 20, 2026

Security Bulletin ID SB2026042079

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Information disclosure (CVE-ID: N/A)

The vulnerability allows a local user to disclose sensitive information from other contexts, including other guests.

The vulnerability exists due to transient execution data sampling in floating point divider state handling when executing code on a vulnerable host. A local user can execute code in one context to disclose sensitive information from other contexts, including other guests.

Only systems using AMD Fam17h CPUs based on the Zen1 microarchitecture are believed to be vulnerable.

Remediation

Install update from vendor's website.

References

https://xenbits.xen.org/xsa/advisory-488.html
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7053.html