Information disclosure in Xen - #VU126565

 

Published: April 20, 2026


Vulnerability identifier: #VU126565
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Xen Project
Affected software: Xen

Detailed vulnerability description

The vulnerability allows a local user to disclose sensitive information from other contexts, including other guests.

The vulnerability exists due to transient execution data sampling in floating point divider state handling when executing code on a vulnerable host. A local user can execute code in one context to disclose sensitive information from other contexts, including other guests.

Only systems using AMD Fam17h CPUs based on the Zen1 microarchitecture are believed to be vulnerable.


Remediation

Install the security update from the vendor's website.

Sources