Xen Patches Cross-Guest Data Leak on AMD Zen1 CPUs
Xen disclosed XSA-488, a transient execution vulnerability named Floating Point Divider State Sampling that affects x86 deployments running on vulnerable AMD Fam17h (Zen1) processors. The flaw was identified by researchers from the CISPA Helmholtz Center for Information Security, and Xen said an attacker may be able to infer data from other execution contexts, including other guest VMs, creating a cross-tenant confidentiality risk for virtualized environments.
According to the advisory, all Xen versions are affected when deployed on the impacted CPU family. Xen said no mitigations are currently available, but released fixes for xen-unstable and the supported 4.20/4.19, 4.18, and 4.17 branches, urging operators on affected hardware to apply the relevant patches to reduce exposure.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
2 events from the most recent confirmed update back to the earliest known activity.
Xen discloses XSA-488 and releases patches
Xen published Security Advisory 488, stating that all Xen versions are affected on vulnerable CPUs and that attackers may be able to infer data from other contexts, including other guests. Xen also released patches for xen-unstable and the Xen 4.20/4.19, 4.18, and 4.17 branches, while noting that no mitigations were available.
CISPA researchers discover Xen FP Divider State Sampling issue
Researchers from the CISPA Helmholtz Center for Information Security identified a new transient execution vulnerability dubbed Floating Point Divider State Sampling affecting Xen on x86 systems running on AMD Fam17h CPUs based on the Zen1 microarchitecture.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
2 references tracked. Mallory keeps watching after this page renders.
See the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Xen warns AMD Zen 2 opcode cache flaw can enable guest-to-host escalation
Xen disclosed **Xen Security Advisory 490** for `CVE-2025-54518`, an x86 CPU opcode cache corruption flaw affecting Xen deployments on certain AMD processors. The issue is believed to impact **AMD Family 17h CPUs based on the Zen 2 microarchitecture**, and Xen said successful exploitation could let code running at any privilege level gain higher privileges, including **userspace-to-kernel** and **guest-to-host** escalation. The advisory says **all Xen versions** are affected when running on the vulnerable CPUs, while other AMD processors and CPUs from other vendors are not known to be impacted. Xen reported that **no mitigations are available** and directed users to apply released patches for `xen-unstable`, Xen `4.21.x` through `4.18.x`, and Xen `4.17.x`; the `4.17` branch also requires an unusual additional backported patch because the fix is closely coupled with an earlier change.
May 25, 2026
Xen Advisories Disclose Linux Guest Kernel Flaws Enabling Privilege Escalation
Xen has disclosed two Linux guest kernel vulnerabilities affecting virtualized environments, warning that both issues require patching and have no known mitigations. **CVE-2026-31786** (`XSA-485`) affects Linux kernels **4.13 and later** in Xen domains through unsafe handling of the binary build ID exposed at `/sys/hypervisor/properties/buildid`. The bug uses `sprintf()` on a non-null-terminated binary value, which can trigger an out-of-bounds read and, in rare cases, a write past the 4 KB sysfs buffer, potentially leading to **information disclosure, denial of service, or privilege escalation** inside Linux Xen guests. A second advisory, **CVE-2026-31787** (`XSA-487`), describes a **double-free** flaw in the Linux **Xen `privcmd` driver** that allows a **root user in a Linux guest** to bypass kernel lockdown protections tied to secure boot. Xen said the issue affects Linux **PVH or HVM domains** on **x86 and Arm** from kernel **3.8 onward**, while PV domains and non-Linux guests are not affected. The vulnerabilities were reported by **Frediano Ziglio of XenServer** and **Atharva Vartak (@0xAth4rv)**, respectively, and Xen urged operators to apply the supplied Linux patches.
Apr 30, 2026
StackWarp Side-Channel Weakness Undermines AMD SEV-SNP Confidential VMs
Researchers at **CISPA Helmholtz Center for Information Security** disclosed **StackWarp** (**CVE-2025-29943**), a microarchitectural weakness affecting **AMD Zen** CPUs that can undermine the integrity guarantees of **AMD SEV-SNP** “confidential VM” protections. The attack model assumes a **malicious insider with host/hypervisor control** who can run a parallel hyperthread and exploit a previously undocumented hypervisor-side control bit to manipulate the protected guest’s stack pointer behavior, particularly when **Simultaneous Multithreading (SMT)** is enabled. Reported impacts include the ability to recover sensitive data from SEV-SNP guests—such as **cryptographic private keys**—and to enable follow-on compromise scenarios like **bypassing OpenSSH password authentication** and **privilege escalation** within the VM. AMD issued patches (made available in **July 2025**) and later published a security bulletin rating the issue **low severity**, but the disclosure highlights ongoing risk that confidential computing isolation can be weakened by CPU-level behaviors; organizations running SEV-SNP should prioritize applying AMD’s updates and review SMT-related exposure in multi-tenant or high-trust boundary environments.
Mar 21, 2026