Xen Security Advisory 490 v1 (CVE-2025-54518) - x86: CPU Opcode Cache corruption
Xen Security Advisory CVE-2025-54518 / XSA-490
x86: CPU Opcode Cache corruption

ISSUE DESCRIPTION
=================
AMD have disclosed a potential vulnerability in certain CPUs which can
cause instructions to execute at a higher privilege.

For more information, see:
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7052.html

IMPACT
======
Code of any privilege could escalate to a higher privilege, including
userspace to kernel, and guest to host.

VULNERABLE SYSTEMS
==================
Systems running all versions of Xen are affected.

Only AMD Fam17h CPUs (Zen2 microarchitecture) are believed to be
vulnerable. Other AMD CPUs and CPUs from other manufacturers are not
known to be affected.

MITIGATION
==========
There are no mitigations.

RESOLUTION
==========
Applying the appropriate attached patch resolves this issue.

For Xen 4.17, patch 1 is a backport of a change which only went back as
far as 4.18 under normal bugfix rules, but which is tightly textually
coupled with the XSA-940 fix. It is possible to rework patch 2 to avoid
patch 1, but a number of Xen-focused downstreams already have patch 1
backported, and those without patch 1 really ought to take it. So,
while this is slightly abnormal for an XSA, it is believed to be in the
best interest of everyone with a 4.17 based Xen.

Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball. Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.

xsa490.patch           xen-unstable
xsa490-4.21.patch      Xen 4.21.x - Xen 4.18.x
xsa490-4.17-?.patch    Xen 4.17.x

$ sha256sum xsa490*
7c256d3384bf640d171ae2f18930c193a72bbdd92ebeb8942e58634dd7b27439  xsa490.patch
4d64d95937630f2147bb69d0d0ff24fc7d97efd48e376d882265662f93886ec7  xsa490-4.17-1.patch
6c717a5bd914088463c74b89893672388848a2222165478aed63b6c2a4151e28  xsa490-4.17-2.patch
1e397550a542bc0957bf93a6e6f01ffcdfe8f005697a505c62ec6120a72d3f90  xsa490-4.21.patch
$
Attachments:
xsa490.patch
xsa490-4.17-1.patch
xsa490-4.17-2.patch
xsa490-4.21.patch
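The patch selection and checksum check from the RESOLUTION section, written as a POSIX shell helper. This is an added example, not part of the original advisory or of Xen Project tooling; the function names are hypothetical, and it assumes the patch files are already in a local directory and that `sha256sum` is installed.

```shell
#!/bin/sh
# Added example: pick and verify the XSA-490 patches for a Xen version.
# Digests and the version-to-patch mapping are copied from the advisory.
XSA490_SUMS='7c256d3384bf640d171ae2f18930c193a72bbdd92ebeb8942e58634dd7b27439  xsa490.patch
4d64d95937630f2147bb69d0d0ff24fc7d97efd48e376d882265662f93886ec7  xsa490-4.17-1.patch
6c717a5bd914088463c74b89893672388848a2222165478aed63b6c2a4151e28  xsa490-4.17-2.patch
1e397550a542bc0957bf93a6e6f01ffcdfe8f005697a505c62ec6120a72d3f90  xsa490-4.21.patch'

# Print the patch file(s) to apply, in order, for a version string such as
# "4.17.5", "4.19.1" or "unstable". Returns 1 for versions the advisory
# does not list a patch for.
xsa490_patches_for() {
    case "$1" in
        unstable)
            echo "xsa490.patch" ;;
        4.17|4.17.*)
            # 4.17 needs the backported prerequisite first, then the fix.
            echo "xsa490-4.17-1.patch xsa490-4.17-2.patch" ;;
        4.18|4.18.*|4.19|4.19.*|4.20|4.20.*|4.21|4.21.*)
            echo "xsa490-4.21.patch" ;;
        *)
            return 1 ;;
    esac
}

# Verify patch $1 in directory $2 (default ".") against the advisory digest.
# Returns 0 on match, 1 on mismatch or missing file, 2 for an unknown name.
xsa490_verify() {
    name=$1
    dir=${2:-.}
    want=$(printf '%s\n' "$XSA490_SUMS" | awk -v f="$name" '$2 == f { print $1 }')
    [ -n "$want" ] || return 2
    [ -f "$dir/$name" ] || return 1
    got=$(sha256sum "$dir/$name" | awk '{ print $1 }')
    [ "$got" = "$want" ]
}

# Verify every patch needed for Xen version $1; stop at the first failure.
xsa490_check_version() {
    patches=$(xsa490_patches_for "$1") ||
        { echo "no XSA-490 patch listed for Xen $1" >&2; return 1; }
    for p in $patches; do
        xsa490_verify "$p" "${2:-.}" || { echo "FAILED: $p" >&2; return 1; }
        echo "OK: $p"
    done
}
```

Source the file and run, for example, `xsa490_check_version 4.17.5 ./patches` before applying anything with `patch` or `git am`.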