CVE-2026-23553Improper Initialization in XEN

CWE-665Improper InitializationCWE-693Protection Mechanism Failure7 documents6 sources
Severity
2.9LOWNVD
EPSS
0.0%
top 92.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
XEN
Timeline
PublishedJan 28

Description

In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks. Consider: 1) vCPU runs on CPU A, running task 1. 2) vCPU moves to CPU B, idle gets scheduled on A. Xen skips IBPB. 3) On CPU B, guest kernel switches from task 1 to 2, issuing IBPB. 4) vCPU moves back to CPU A. Xen skips IBPB again. Now, task 2 i

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 1.4 | Impact: 1.4

Affected Packages3 packages

Alpinexen/xen< 4.18.5-r4+3
Debianxen/xen< 4.20.2+37-g61ff35323e-0+deb13u1+1
NVDxen/xen

Patches

Patch: xenbits.xenproject.orgPatch: www.openwall.comPatch: xenbits.xen.org

🔴Vulnerability Details

4
CVEList
x86: incomplete IBPB for vCPU isolation2026-01-28
OSV
CVE-2026-23553: In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run2026-01-28
GHSA
GHSA-pxqc-5jg3-xfqm: In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run2026-01-28
OSV
CVE-2026-23553: In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run2026-01-28

📋Vendor Advisories

1
Debian
CVE-2026-23553: xen - In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU r...2026

🕵️Threat Intelligence

1
Wiz
CVE-2026-23553 Impact, Exploitability, and Mitigation Steps | Wiz