Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

Linux kernel developers security patch release for CVE-2025-40300

Security Patch Release
First reported
Last updated
Happening score
H score 9
1 unique sources, 1 articles

Summary

Hide ▲

Linux kernel developers released IBPB-on-VMEXIT patches to mitigate VMScape, reducing speculative leakage risk when a guest VM switches to the host. The fix addresses CVE-2025-40300 and targets the QEMU-based virtualization path where branch-prediction state could leak secrets. The mitigation is aimed at guest-to-host context switches and was reported to have minimal performance impact in common workloads.

Related Happenings

Linux kernel security update for Copy Fail (CVE-2026-31431)

Security Patch Release
First: 30.04.2026 16:54 Last: 30.04.2026 16:54 Sources 1

About this happening: **Linux kernel** maintainers have fixed **CVE-2026-31431** and are rolling out updates to close a **local privilege escalation** flaw that lets an unprivileged attacker gain **roo...

Open Happening

Linux distributions mitigation advisories for CVE-2026-31431

Advisory/Mitigation
First: 30.04.2026 12:24 Last: 30.04.2026 12:24 Sources 1

About this happening: Multiple **Linux distributions** released advisories for **CVE-2026-31431**, adding mitigation guidance for a **Linux kernel local privilege escalation** that can let an unprivile...

Open Happening

Payouts King ransomware QEMU reverse SSH backdoor activity

Malware Activity
First: 17.04.2026 22:10 Last: 17.04.2026 22:10 Sources 1

About this happening: **Payouts King ransomware** is using **QEMU** hidden virtual machines and a **reverse SSH backdoor** to keep covert access on compromised hosts and evade endpoint security. The ma...

Open Happening

Vm2 maintainers security patch release for CVE-2026-22709

Security Patch Release
First: 28.01.2026 16:01 Last: 28.01.2026 16:01 Sources 1

About this happening: **vm2** maintainers released a fix for **CVE-2026-22709** in **vm2 3.10.2** and directed users to upgrade to **3.10.3**, reducing the risk of **sandbox escape** and **arbitrary co...

Open Happening

Trend Micro security patch release for CVE-2025-69258

Security Patch Release
First: 09.01.2026 12:01 Last: 09.01.2026 12:01 Sources 1

About this happening: **Trend Micro** released **security updates** for **Apex Central for Windows** to fix **CVE-2025-69258**, a **9.8 CVSS** remote-code-execution flaw that could let an unauthenticat...

Open Happening

Timeline

  2. 11.09.2025 18:05 2 articles · 8mo ago

    VMScape public disclosure and Linux IBPB-on-VMEXIT mitigation

    Mitigation Patch Update

    VMScape was publicly described as a Spectre-like attack that lets a malicious VM leak cryptographic keys from an unmodified QEMU hypervisor process on modern AMD and Intel CPUs, and Linux kernel developers released IBPB-on-VMEXIT patches to flush branch prediction state when switching from guest to host; AMD also released a security bulletin for CVE-2025-40300.

    Show sources
    Open in new tab