PT-2026-5018 · Xen · Xen

David Kaplan · Published 2026-01-01 · Updated 2026-02-20 · CVE-2026-23553

CVSS v3.1: 2.9 (Low)

Vector: AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Xen (affected versions not specified)

Description

The issue is in Xen's context switch logic. Xen attempts to skip an IBPB (Indirect Branch Prediction Barrier) when a virtual CPU (vCPU) returns to a CPU it previously ran on. Skipping the barrier maintains isolation between vCPUs from Xen's perspective, but it prevents the guest kernel from correctly isolating its own tasks from one another. As a result, a new task can be executed with the training data of a previous task still present in the Branch Target Buffer (BTB).

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Protection Mechanism Failure
Improper Initialization

Related Identifiers

CVE-2026-23553
MGASA-2026-0026
OPENSUSE-SU-2026:10118-1
SUSE-SU-2026:0303-1
SUSE-SU-2026:0304-1
SUSE-SU-2026:0306-1
SUSE-SU-2026:0328-1
SUSE-SU-2026:0329-1
SUSE-SU-2026:0394-1
SUSE-SU-2026:0589-1

Affected Products

Xen