CVE-2025-40300 (GCVE-0-2025-40300)
Vulnerability from cvelistv5 – Published: 2025-09-11 16:49 – Updated: 2026-07-14 12:43
VLAI
EPSS
VEX
Title
x86/vmscape: Add conditional IBPB mitigation
Summary
In the Linux kernel, the following vulnerability has been resolved:
x86/vmscape: Add conditional IBPB mitigation
VMSCAPE is a vulnerability that exploits insufficient branch predictor
isolation between a guest and a userspace hypervisor (like QEMU). Existing
mitigations already protect kernel/KVM from a malicious guest. Userspace
can additionally be protected by flushing the branch predictors after a
VMexit.
Since it is the userspace that consumes the poisoned branch predictors,
conditionally issue an IBPB after a VMexit and before returning to
userspace. Workloads that frequently switch between hypervisor and
userspace will incur the most overhead from the new IBPB.
This new IBPB is not integrated with the existing IBPB sites. For
instance, a task can use the existing speculation control prctl() to
get an IBPB at context switch time. With this implementation, the
IBPB is doubled up: one at context switch and another before running
userspace.
The intent is to integrate and optimize these cases post-embargo.
[ dhansen: elaborate on suboptimal IBPB solution ]
Severity
No CVSS data available.
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
Assigner
References
22 references
Impacted products
6 products
| Vendor | Product | Version | |
|---|---|---|---|
| Linux | Linux |
Affected:
15d45071523d89b3fb7372e2135fbd72f6af9506 , < ac60717f9a8d21c58617d0b34274babf24135835
(git)
Affected: 15d45071523d89b3fb7372e2135fbd72f6af9506 , < c08192b5d6730a914dee6175bc71092ee6a65f14 (git) Affected: 15d45071523d89b3fb7372e2135fbd72f6af9506 , < d5490dfa35427a2967e00a4c7a1b95fdbc8ede34 (git) Affected: 15d45071523d89b3fb7372e2135fbd72f6af9506 , < 2f4f2f8f860cb4c3336a7435ebe8dcfded0c9c6e (git) Affected: 15d45071523d89b3fb7372e2135fbd72f6af9506 , < 15006289e5c38b2a830e1fba221977a27598176c (git) Affected: 15d45071523d89b3fb7372e2135fbd72f6af9506 , < 893387c18612bb452336a5881da0d015a7e8f4a2 (git) Affected: 15d45071523d89b3fb7372e2135fbd72f6af9506 , < f866eef8d1c65504d30923c3f14082ad294d0e6d (git) Affected: 15d45071523d89b3fb7372e2135fbd72f6af9506 , < 34e5667041050711a947e260fc9ebebe08bddee5 (git) Affected: 15d45071523d89b3fb7372e2135fbd72f6af9506 , < d7ddc93392e4a7ffcccc86edf6ef3e64c778db52 (git) Affected: 15d45071523d89b3fb7372e2135fbd72f6af9506 , < 459274c77b37ac63b78c928b4b4e748d1f9d05c8 (git) Affected: 15d45071523d89b3fb7372e2135fbd72f6af9506 , < 510603f504796c3535f67f55fb0b124a303b44c8 (git) Affected: 15d45071523d89b3fb7372e2135fbd72f6af9506 , < 9c23a90648e831d611152ac08dbcd1283d405e7f (git) Affected: 15d45071523d89b3fb7372e2135fbd72f6af9506 , < 2f8f173413f1cbf52660d04df92d0069c4306d25 (git) Affected: c51f1e5f57cca88d8d5894b6fad1638f643a99d0 (git) Affected: 4b3870c343a82cd2df7192cc5149c87205dcc611 (git) Affected: 3.16.57 , < 3.17 (semver) Affected: 4.4.168 , < 4.5 (semver) |
|
| Linux | Linux |
Affected:
4.16
Unaffected: 0 , < 4.16 (semver) Unaffected: 5.10.244 , ≤ 5.10.* (semver) Unaffected: 5.15.193 , ≤ 5.15.* (semver) Unaffected: 6.1.152 , ≤ 6.1.* (semver) Unaffected: 6.6.106 , ≤ 6.6.* (semver) Unaffected: 6.12.47 , ≤ 6.12.* (semver) Unaffected: 6.16.7 , ≤ 6.16.* (semver) Unaffected: 6.17 , ≤ * (original_commit_for_fix) |
|
| Siemens | SIMATIC CN 4100 |
Affected:
0 , < V5.0
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.6 , < *
(custom)
|
|
| Siemens | SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP |
Affected:
V3.1.6 , < *
(custom)
|
|
| Siemens | SIPLUS S7-1500 CPU 1518-4 PN/DP MFP |
Affected:
V3.1.6 , < *
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-17T16:05:33.433Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/14/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/14/4"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/14/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/17/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/11/17/3"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIMATIC CN 4100",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V5.0",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "V3.1.6",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-14T12:43:28.095Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-032379.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-019113.html"
}
],
"x_adpType": "supplier"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-40300",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-06-10T20:41:37.391418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-06-11T18:44:14.417Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"arch/x86/include/asm/cpufeatures.h",
"arch/x86/include/asm/entry-common.h",
"arch/x86/include/asm/nospec-branch.h",
"arch/x86/kernel/cpu/bugs.c",
"arch/x86/kvm/x86.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "ac60717f9a8d21c58617d0b34274babf24135835",
"status": "affected",
"version": "15d45071523d89b3fb7372e2135fbd72f6af9506",
"versionType": "git"
},
{
"lessThan": "c08192b5d6730a914dee6175bc71092ee6a65f14",
"status": "affected",
"version": "15d45071523d89b3fb7372e2135fbd72f6af9506",
"versionType": "git"
},
{
"lessThan": "d5490dfa35427a2967e00a4c7a1b95fdbc8ede34",
"status": "affected",
"version": "15d45071523d89b3fb7372e2135fbd72f6af9506",
"versionType": "git"
},
{
"lessThan": "2f4f2f8f860cb4c3336a7435ebe8dcfded0c9c6e",
"status": "affected",
"version": "15d45071523d89b3fb7372e2135fbd72f6af9506",
"versionType": "git"
},
{
"lessThan": "15006289e5c38b2a830e1fba221977a27598176c",
"status": "affected",
"version": "15d45071523d89b3fb7372e2135fbd72f6af9506",
"versionType": "git"
},
{
"lessThan": "893387c18612bb452336a5881da0d015a7e8f4a2",
"status": "affected",
"version": "15d45071523d89b3fb7372e2135fbd72f6af9506",
"versionType": "git"
},
{
"lessThan": "f866eef8d1c65504d30923c3f14082ad294d0e6d",
"status": "affected",
"version": "15d45071523d89b3fb7372e2135fbd72f6af9506",
"versionType": "git"
},
{
"lessThan": "34e5667041050711a947e260fc9ebebe08bddee5",
"status": "affected",
"version": "15d45071523d89b3fb7372e2135fbd72f6af9506",
"versionType": "git"
},
{
"lessThan": "d7ddc93392e4a7ffcccc86edf6ef3e64c778db52",
"status": "affected",
"version": "15d45071523d89b3fb7372e2135fbd72f6af9506",
"versionType": "git"
},
{
"lessThan": "459274c77b37ac63b78c928b4b4e748d1f9d05c8",
"status": "affected",
"version": "15d45071523d89b3fb7372e2135fbd72f6af9506",
"versionType": "git"
},
{
"lessThan": "510603f504796c3535f67f55fb0b124a303b44c8",
"status": "affected",
"version": "15d45071523d89b3fb7372e2135fbd72f6af9506",
"versionType": "git"
},
{
"lessThan": "9c23a90648e831d611152ac08dbcd1283d405e7f",
"status": "affected",
"version": "15d45071523d89b3fb7372e2135fbd72f6af9506",
"versionType": "git"
},
{
"lessThan": "2f8f173413f1cbf52660d04df92d0069c4306d25",
"status": "affected",
"version": "15d45071523d89b3fb7372e2135fbd72f6af9506",
"versionType": "git"
},
{
"status": "affected",
"version": "c51f1e5f57cca88d8d5894b6fad1638f643a99d0",
"versionType": "git"
},
{
"status": "affected",
"version": "4b3870c343a82cd2df7192cc5149c87205dcc611",
"versionType": "git"
},
{
"lessThan": "3.17",
"status": "affected",
"version": "3.16.57",
"versionType": "semver"
},
{
"lessThan": "4.5",
"status": "affected",
"version": "4.4.168",
"versionType": "semver"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"arch/x86/include/asm/cpufeatures.h",
"arch/x86/include/asm/entry-common.h",
"arch/x86/include/asm/nospec-branch.h",
"arch/x86/kernel/cpu/bugs.c",
"arch/x86/kvm/x86.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "4.16"
},
{
"lessThan": "4.16",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.10.*",
"status": "unaffected",
"version": "5.10.244",
"versionType": "semver"
},
{
"lessThanOrEqual": "5.15.*",
"status": "unaffected",
"version": "5.15.193",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.1.*",
"status": "unaffected",
"version": "6.1.152",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.106",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.47",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.16.*",
"status": "unaffected",
"version": "6.16.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.17",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.244",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.10.244",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.193",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "5.15.193",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.152",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.1.152",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.106",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.106",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.47",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.47",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.7",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.16.7",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17",
"versionStartIncluding": "4.16",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "3.16.57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionStartIncluding": "4.4.168",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\nx86/vmscape: Add conditional IBPB mitigation\n\nVMSCAPE is a vulnerability that exploits insufficient branch predictor\nisolation between a guest and a userspace hypervisor (like QEMU). Existing\nmitigations already protect kernel/KVM from a malicious guest. Userspace\ncan additionally be protected by flushing the branch predictors after a\nVMexit.\n\nSince it is the userspace that consumes the poisoned branch predictors,\nconditionally issue an IBPB after a VMexit and before returning to\nuserspace. Workloads that frequently switch between hypervisor and\nuserspace will incur the most overhead from the new IBPB.\n\nThis new IBPB is not integrated with the existing IBPB sites. For\ninstance, a task can use the existing speculation control prctl() to\nget an IBPB at context switch time. With this implementation, the\nIBPB is doubled up: one at context switch and another before running\nuserspace.\n\nThe intent is to integrate and optimize these cases post-embargo.\n\n[ dhansen: elaborate on suboptimal IBPB solution ]"
}
],
"providerMetadata": {
"dateUpdated": "2026-05-23T16:02:01.395Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/ac60717f9a8d21c58617d0b34274babf24135835"
},
{
"url": "https://git.kernel.org/stable/c/c08192b5d6730a914dee6175bc71092ee6a65f14"
},
{
"url": "https://git.kernel.org/stable/c/d5490dfa35427a2967e00a4c7a1b95fdbc8ede34"
},
{
"url": "https://git.kernel.org/stable/c/2f4f2f8f860cb4c3336a7435ebe8dcfded0c9c6e"
},
{
"url": "https://git.kernel.org/stable/c/15006289e5c38b2a830e1fba221977a27598176c"
},
{
"url": "https://git.kernel.org/stable/c/893387c18612bb452336a5881da0d015a7e8f4a2"
},
{
"url": "https://git.kernel.org/stable/c/f866eef8d1c65504d30923c3f14082ad294d0e6d"
},
{
"url": "https://git.kernel.org/stable/c/34e5667041050711a947e260fc9ebebe08bddee5"
},
{
"url": "https://git.kernel.org/stable/c/d7ddc93392e4a7ffcccc86edf6ef3e64c778db52"
},
{
"url": "https://git.kernel.org/stable/c/459274c77b37ac63b78c928b4b4e748d1f9d05c8"
},
{
"url": "https://git.kernel.org/stable/c/510603f504796c3535f67f55fb0b124a303b44c8"
},
{
"url": "https://git.kernel.org/stable/c/9c23a90648e831d611152ac08dbcd1283d405e7f"
},
{
"url": "https://git.kernel.org/stable/c/2f8f173413f1cbf52660d04df92d0069c4306d25"
}
],
"title": "x86/vmscape: Add conditional IBPB mitigation",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-40300",
"datePublished": "2025-09-11T16:49:24.809Z",
"dateReserved": "2025-04-16T07:20:57.185Z",
"dateUpdated": "2026-07-14T12:43:28.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2025-40300",
"date": "2026-07-14",
"epss": "0.00331",
"percentile": "0.25166"
},
"microsoft_vex": {
"current_release_date": "2026-02-24T14:41:44.000Z",
"cve": "CVE-2025-40300",
"id": "msrc_CVE-2025-40300",
"initial_release_date": "2025-09-02T00:00:00.000Z",
"product_status:fixed": "2",
"product_status:known_affected": "3",
"source": "Microsoft CSAF VEX",
"status": "final",
"title": "x86/vmscape: Add conditional IBPB mitigation",
"url": "https://msrc.microsoft.com/csaf/vex/2025/msrc_cve-2025-40300.json",
"version": "4"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2025-40300\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2025-09-11T17:15:45.680\",\"lastModified\":\"2026-07-14T13:17:53.820\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\nx86/vmscape: Add conditional IBPB mitigation\\n\\nVMSCAPE is a vulnerability that exploits insufficient branch predictor\\nisolation between a guest and a userspace hypervisor (like QEMU). Existing\\nmitigations already protect kernel/KVM from a malicious guest. Userspace\\ncan additionally be protected by flushing the branch predictors after a\\nVMexit.\\n\\nSince it is the userspace that consumes the poisoned branch predictors,\\nconditionally issue an IBPB after a VMexit and before returning to\\nuserspace. Workloads that frequently switch between hypervisor and\\nuserspace will incur the most overhead from the new IBPB.\\n\\nThis new IBPB is not integrated with the existing IBPB sites. For\\ninstance, a task can use the existing speculation control prctl() to\\nget an IBPB at context switch time. With this implementation, the\\nIBPB is doubled up: one at context switch and another before running\\nuserspace.\\n\\nThe intent is to integrate and optimize these cases post-embargo.\\n\\n[ dhansen: elaborate on suboptimal IBPB solution ]\"}],\"affected\":[{\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"affectedData\":[{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"unaffected\",\"programFiles\":[\"arch/x86/include/asm/cpufeatures.h\",\"arch/x86/include/asm/entry-common.h\",\"arch/x86/include/asm/nospec-branch.h\",\"arch/x86/kernel/cpu/bugs.c\",\"arch/x86/kvm/x86.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"15d45071523d89b3fb7372e2135fbd72f6af9506\",\"lessThan\":\"ac60717f9a8d21c58617d0b34274babf24135835\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"15d45071523d89b3fb7372e2135fbd72f6af9506\",\"lessThan\":\"c08192b5d6730a914dee6175bc71092ee6a65f14\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"15d45071523d89b3fb7372e2135fbd72f6af9506\",\"lessThan\":\"d5490dfa35427a2967e00a4c7a1b95fdbc8ede34\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"15d45071523d89b3fb7372e2135fbd72f6af9506\",\"lessThan\":\"2f4f2f8f860cb4c3336a7435ebe8dcfded0c9c6e\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"15d45071523d89b3fb7372e2135fbd72f6af9506\",\"lessThan\":\"15006289e5c38b2a830e1fba221977a27598176c\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"15d45071523d89b3fb7372e2135fbd72f6af9506\",\"lessThan\":\"893387c18612bb452336a5881da0d015a7e8f4a2\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"15d45071523d89b3fb7372e2135fbd72f6af9506\",\"lessThan\":\"f866eef8d1c65504d30923c3f14082ad294d0e6d\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"15d45071523d89b3fb7372e2135fbd72f6af9506\",\"lessThan\":\"34e5667041050711a947e260fc9ebebe08bddee5\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"15d45071523d89b3fb7372e2135fbd72f6af9506\",\"lessThan\":\"d7ddc93392e4a7ffcccc86edf6ef3e64c778db52\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"15d45071523d89b3fb7372e2135fbd72f6af9506\",\"lessThan\":\"459274c77b37ac63b78c928b4b4e748d1f9d05c8\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"15d45071523d89b3fb7372e2135fbd72f6af9506\",\"lessThan\":\"510603f504796c3535f67f55fb0b124a303b44c8\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"15d45071523d89b3fb7372e2135fbd72f6af9506\",\"lessThan\":\"9c23a90648e831d611152ac08dbcd1283d405e7f\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"15d45071523d89b3fb7372e2135fbd72f6af9506\",\"lessThan\":\"2f8f173413f1cbf52660d04df92d0069c4306d25\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"c51f1e5f57cca88d8d5894b6fad1638f643a99d0\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"4b3870c343a82cd2df7192cc5149c87205dcc611\",\"versionType\":\"git\",\"status\":\"affected\"},{\"version\":\"3.16.57\",\"lessThan\":\"3.17\",\"versionType\":\"semver\",\"status\":\"affected\"},{\"version\":\"4.4.168\",\"lessThan\":\"4.5\",\"versionType\":\"semver\",\"status\":\"affected\"}]},{\"vendor\":\"Linux\",\"product\":\"Linux\",\"defaultStatus\":\"affected\",\"programFiles\":[\"arch/x86/include/asm/cpufeatures.h\",\"arch/x86/include/asm/entry-common.h\",\"arch/x86/include/asm/nospec-branch.h\",\"arch/x86/kernel/cpu/bugs.c\",\"arch/x86/kvm/x86.c\"],\"repo\":\"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\",\"versions\":[{\"version\":\"4.16\",\"status\":\"affected\"},{\"version\":\"0\",\"lessThan\":\"4.16\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.10.244\",\"lessThanOrEqual\":\"5.10.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"5.15.193\",\"lessThanOrEqual\":\"5.15.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.1.152\",\"lessThanOrEqual\":\"6.1.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.6.106\",\"lessThanOrEqual\":\"6.6.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.12.47\",\"lessThanOrEqual\":\"6.12.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.16.7\",\"lessThanOrEqual\":\"6.16.*\",\"versionType\":\"semver\",\"status\":\"unaffected\"},{\"version\":\"6.17\",\"lessThanOrEqual\":\"*\",\"versionType\":\"original_commit_for_fix\",\"status\":\"unaffected\"}]}]},{\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\",\"affectedData\":[{\"vendor\":\"Siemens\",\"product\":\"SIMATIC CN 4100\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"0\",\"lessThan\":\"V5.0\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.6\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.6\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.6\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.6\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]},{\"vendor\":\"Siemens\",\"product\":\"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\",\"defaultStatus\":\"unknown\",\"versions\":[{\"version\":\"V3.1.6\",\"lessThan\":\"*\",\"versionType\":\"custom\",\"status\":\"affected\"}]}]}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"ssvcV203\":[{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"ssvcData\":{\"timestamp\":\"2026-06-10T20:41:37.391418Z\",\"id\":\"CVE-2025-40300\",\"options\":[{\"exploitation\":\"none\"},{\"automatable\":\"no\"},{\"technicalImpact\":\"partial\"}],\"role\":\"CISA Coordinator\",\"version\":\"2.0.3\"}}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.16.57\",\"versionEndExcluding\":\"3.17\",\"matchCriteriaId\":\"38BA6B6B-1C08-4FA2-9202-D6F0F7E2F21C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.4.168\",\"versionEndExcluding\":\"4.5\",\"matchCriteriaId\":\"68F4BCC8-70D1-46FF-A19E-D5A6FC362749\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.16\",\"versionEndExcluding\":\"5.10.244\",\"matchCriteriaId\":\"647FF2A6-2089-4797-A4F2-9E2BA4FBAB45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.11\",\"versionEndExcluding\":\"5.15.193\",\"matchCriteriaId\":\"74E3763E-8BAB-42B3-985E-CCEA1FCE2FC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.16\",\"versionEndExcluding\":\"6.1.152\",\"matchCriteriaId\":\"AF43F1FA-EFBE-454C-91F8-6C4C06377D7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.2\",\"versionEndExcluding\":\"6.6.106\",\"matchCriteriaId\":\"AA718064-3FF6-4B00-9036-2338A1A82649\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.7\",\"versionEndExcluding\":\"6.12.47\",\"matchCriteriaId\":\"AF8BEADD-66F7-4108-8645-6B88A955C102\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"6.13\",\"versionEndExcluding\":\"6.16.7\",\"matchCriteriaId\":\"6398BD1D-2C0D-42F5-AE12-015B8C529AD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.17:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"327D22EF-390B-454C-BD31-2ED23C998A1C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.17:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C730CD9A-D969-4A8E-9522-162AAF7C0EE9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.17:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"39982C4B-716E-4B2F-8196-FA301F47807D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.17:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"340BEEA9-D70D-4290-B502-FBB1032353B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:6.17:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"47E4C5C0-079F-4838-971B-8C503D48FCC2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"https://git.kernel.org/stable/c/15006289e5c38b2a830e1fba221977a27598176c\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2f4f2f8f860cb4c3336a7435ebe8dcfded0c9c6e\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/2f8f173413f1cbf52660d04df92d0069c4306d25\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/34e5667041050711a947e260fc9ebebe08bddee5\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/459274c77b37ac63b78c928b4b4e748d1f9d05c8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/510603f504796c3535f67f55fb0b124a303b44c8\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/893387c18612bb452336a5881da0d015a7e8f4a2\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/9c23a90648e831d611152ac08dbcd1283d405e7f\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/ac60717f9a8d21c58617d0b34274babf24135835\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/c08192b5d6730a914dee6175bc71092ee6a65f14\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d5490dfa35427a2967e00a4c7a1b95fdbc8ede34\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/d7ddc93392e4a7ffcccc86edf6ef3e64c778db52\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"https://git.kernel.org/stable/c/f866eef8d1c65504d30923c3f14082ad294d0e6d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/11/14/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/11/14/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/11/14/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/11/17/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2025/11/17/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-019113.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"},{\"url\":\"https://cert-portal.siemens.com/productcert/html/ssa-032379.html\",\"source\":\"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\"}]}}",
"redhat_vex": {
"aggregate_severity": "Moderate",
"current_release_date": "2026-06-28T08:24:59+00:00",
"cve": "CVE-2025-40300",
"id": "CVE-2025-40300",
"initial_release_date": "2025-09-11T16:49:24.809000+00:00",
"product_status:fixed": "2171",
"product_status:known_affected": "64",
"product_status:known_not_affected": "65",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "kernel: x86/vmscape: Add conditional IBPB mitigation",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2025/cve-2025-40300.json",
"version": "3"
},
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://lists.debian.org/debian-lts-announce/2025/10/msg00008.html\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2025/10/msg00007.html\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/11/14/3\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/11/14/4\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/11/14/6\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/11/17/2\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2025/11/17/3\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-17T16:05:33.433Z\"}}, {\"affected\": [{\"vendor\": \"Siemens\", \"product\": \"SIMATIC CN 4100\", \"versions\": [{\"status\": \"affected\", \"version\": \"0\", \"lessThan\": \"V5.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.6\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.6\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.6\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.6\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}, {\"vendor\": \"Siemens\", \"product\": \"SIPLUS S7-1500 CPU 1518-4 PN/DP MFP\", \"versions\": [{\"status\": \"affected\", \"version\": \"V3.1.6\", \"lessThan\": \"*\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"x_adpType\": \"supplier\", \"references\": [{\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-032379.html\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/html/ssa-019113.html\"}], \"providerMetadata\": {\"orgId\": \"0b142b55-0307-4c5a-b3c9-f314f3fb7c5e\", \"shortName\": \"siemens-SADP\", \"dateUpdated\": \"2026-07-14T12:43:28.095Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-40300\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-06-10T20:41:37.391418Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-06-11T17:38:33.511Z\"}}], \"cna\": {\"title\": \"x86/vmscape: Add conditional IBPB mitigation\", \"affected\": [{\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"15d45071523d89b3fb7372e2135fbd72f6af9506\", \"lessThan\": \"ac60717f9a8d21c58617d0b34274babf24135835\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"15d45071523d89b3fb7372e2135fbd72f6af9506\", \"lessThan\": \"c08192b5d6730a914dee6175bc71092ee6a65f14\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"15d45071523d89b3fb7372e2135fbd72f6af9506\", \"lessThan\": \"d5490dfa35427a2967e00a4c7a1b95fdbc8ede34\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"15d45071523d89b3fb7372e2135fbd72f6af9506\", \"lessThan\": \"2f4f2f8f860cb4c3336a7435ebe8dcfded0c9c6e\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"15d45071523d89b3fb7372e2135fbd72f6af9506\", \"lessThan\": \"15006289e5c38b2a830e1fba221977a27598176c\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"15d45071523d89b3fb7372e2135fbd72f6af9506\", \"lessThan\": \"893387c18612bb452336a5881da0d015a7e8f4a2\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"15d45071523d89b3fb7372e2135fbd72f6af9506\", \"lessThan\": \"f866eef8d1c65504d30923c3f14082ad294d0e6d\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"15d45071523d89b3fb7372e2135fbd72f6af9506\", \"lessThan\": \"34e5667041050711a947e260fc9ebebe08bddee5\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"15d45071523d89b3fb7372e2135fbd72f6af9506\", \"lessThan\": \"d7ddc93392e4a7ffcccc86edf6ef3e64c778db52\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"15d45071523d89b3fb7372e2135fbd72f6af9506\", \"lessThan\": \"459274c77b37ac63b78c928b4b4e748d1f9d05c8\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"15d45071523d89b3fb7372e2135fbd72f6af9506\", \"lessThan\": \"510603f504796c3535f67f55fb0b124a303b44c8\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"15d45071523d89b3fb7372e2135fbd72f6af9506\", \"lessThan\": \"9c23a90648e831d611152ac08dbcd1283d405e7f\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"15d45071523d89b3fb7372e2135fbd72f6af9506\", \"lessThan\": \"2f8f173413f1cbf52660d04df92d0069c4306d25\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"c51f1e5f57cca88d8d5894b6fad1638f643a99d0\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"4b3870c343a82cd2df7192cc5149c87205dcc611\", \"versionType\": \"git\"}, {\"status\": \"affected\", \"version\": \"3.16.57\", \"lessThan\": \"3.17\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.4.168\", \"lessThan\": \"4.5\", \"versionType\": \"semver\"}], \"programFiles\": [\"arch/x86/include/asm/cpufeatures.h\", \"arch/x86/include/asm/entry-common.h\", \"arch/x86/include/asm/nospec-branch.h\", \"arch/x86/kernel/cpu/bugs.c\", \"arch/x86/kvm/x86.c\"], \"defaultStatus\": \"unaffected\"}, {\"repo\": \"https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git\", \"vendor\": \"Linux\", \"product\": \"Linux\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.16\"}, {\"status\": \"unaffected\", \"version\": \"0\", \"lessThan\": \"4.16\", \"versionType\": \"semver\"}, {\"status\": \"unaffected\", \"version\": \"5.10.244\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.10.*\"}, {\"status\": \"unaffected\", \"version\": \"5.15.193\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"5.15.*\"}, {\"status\": \"unaffected\", \"version\": \"6.1.152\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.1.*\"}, {\"status\": \"unaffected\", \"version\": \"6.6.106\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.6.*\"}, {\"status\": \"unaffected\", \"version\": \"6.12.47\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.12.*\"}, {\"status\": \"unaffected\", \"version\": \"6.16.7\", \"versionType\": \"semver\", \"lessThanOrEqual\": \"6.16.*\"}, {\"status\": \"unaffected\", \"version\": \"6.17\", \"versionType\": \"original_commit_for_fix\", \"lessThanOrEqual\": \"*\"}], \"programFiles\": [\"arch/x86/include/asm/cpufeatures.h\", \"arch/x86/include/asm/entry-common.h\", \"arch/x86/include/asm/nospec-branch.h\", \"arch/x86/kernel/cpu/bugs.c\", \"arch/x86/kvm/x86.c\"], \"defaultStatus\": \"affected\"}], \"references\": [{\"url\": \"https://git.kernel.org/stable/c/ac60717f9a8d21c58617d0b34274babf24135835\"}, {\"url\": \"https://git.kernel.org/stable/c/c08192b5d6730a914dee6175bc71092ee6a65f14\"}, {\"url\": \"https://git.kernel.org/stable/c/d5490dfa35427a2967e00a4c7a1b95fdbc8ede34\"}, {\"url\": \"https://git.kernel.org/stable/c/2f4f2f8f860cb4c3336a7435ebe8dcfded0c9c6e\"}, {\"url\": \"https://git.kernel.org/stable/c/15006289e5c38b2a830e1fba221977a27598176c\"}, {\"url\": \"https://git.kernel.org/stable/c/893387c18612bb452336a5881da0d015a7e8f4a2\"}, {\"url\": \"https://git.kernel.org/stable/c/f866eef8d1c65504d30923c3f14082ad294d0e6d\"}, {\"url\": \"https://git.kernel.org/stable/c/34e5667041050711a947e260fc9ebebe08bddee5\"}, {\"url\": \"https://git.kernel.org/stable/c/d7ddc93392e4a7ffcccc86edf6ef3e64c778db52\"}, {\"url\": \"https://git.kernel.org/stable/c/459274c77b37ac63b78c928b4b4e748d1f9d05c8\"}, {\"url\": \"https://git.kernel.org/stable/c/510603f504796c3535f67f55fb0b124a303b44c8\"}, {\"url\": \"https://git.kernel.org/stable/c/9c23a90648e831d611152ac08dbcd1283d405e7f\"}, {\"url\": \"https://git.kernel.org/stable/c/2f8f173413f1cbf52660d04df92d0069c4306d25\"}], \"x_generator\": {\"engine\": \"bippy-1.2.0\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"In the Linux kernel, the following vulnerability has been resolved:\\n\\nx86/vmscape: Add conditional IBPB mitigation\\n\\nVMSCAPE is a vulnerability that exploits insufficient branch predictor\\nisolation between a guest and a userspace hypervisor (like QEMU). Existing\\nmitigations already protect kernel/KVM from a malicious guest. Userspace\\ncan additionally be protected by flushing the branch predictors after a\\nVMexit.\\n\\nSince it is the userspace that consumes the poisoned branch predictors,\\nconditionally issue an IBPB after a VMexit and before returning to\\nuserspace. Workloads that frequently switch between hypervisor and\\nuserspace will incur the most overhead from the new IBPB.\\n\\nThis new IBPB is not integrated with the existing IBPB sites. For\\ninstance, a task can use the existing speculation control prctl() to\\nget an IBPB at context switch time. With this implementation, the\\nIBPB is doubled up: one at context switch and another before running\\nuserspace.\\n\\nThe intent is to integrate and optimize these cases post-embargo.\\n\\n[ dhansen: elaborate on suboptimal IBPB solution ]\"}], \"cpeApplicability\": [{\"nodes\": [{\"negate\": false, \"cpeMatch\": [{\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.244\", \"versionStartIncluding\": \"4.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.10.244\", \"versionStartIncluding\": \"4.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.193\", \"versionStartIncluding\": \"4.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"5.15.193\", \"versionStartIncluding\": \"4.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.152\", \"versionStartIncluding\": \"4.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.1.152\", \"versionStartIncluding\": \"4.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.106\", \"versionStartIncluding\": \"4.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.6.106\", \"versionStartIncluding\": \"4.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12.47\", \"versionStartIncluding\": \"4.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.12.47\", \"versionStartIncluding\": \"4.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.16.7\", \"versionStartIncluding\": \"4.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.16.7\", \"versionStartIncluding\": \"4.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionEndExcluding\": \"6.17\", \"versionStartIncluding\": \"4.16\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"3.16.57\"}, {\"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"vulnerable\": true, \"versionStartIncluding\": \"4.4.168\"}], \"operator\": \"OR\"}]}], \"providerMetadata\": {\"orgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"shortName\": \"Linux\", \"dateUpdated\": \"2026-05-23T16:02:01.395Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2025-40300\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-07-14T12:43:28.095Z\", \"dateReserved\": \"2025-04-16T07:20:57.185Z\", \"assignerOrgId\": \"416baaa9-dc9f-4396-8d5f-8c081fb06d67\", \"datePublished\": \"2025-09-11T16:49:24.809Z\", \"assignerShortName\": \"Linux\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…