AMD Prozessoren und Xen: Schwachstelle ermöglicht Offenlegung von Informationen CVSS 3.3
Summary
CERT-Bund published security advisory WID-SEC-2026-1175 disclosing a vulnerability in AMD processors running Xen hypervisor that enables information disclosure. The flaw carries a CVSS Base Score of 3.3 (low) and Temporal Score of 2.9 (low); remote attack is not possible. Affected products include AMD EPYC 7001/3000 Series, Athlon 3000 Series, Ryzen 3000/PRO 3000 Series processors, and multiple Open Source Xen versions prior to specified patches. Mitigation measures are available.
“Ein lokaler Angreifer kann eine Schwachstelle in AMD Prozessoren und Xen ausnutzen, um Informationen offenzulegen.”
What changed
CERT-Bund issued a security advisory describing a vulnerability in AMD processors combined with Xen hypervisor that allows a local attacker to disclose information. The vulnerability affects multiple AMD processor product lines (EPYC 7001, EPYC Embedded 3000, Athlon 3000, Ryzen 3000, Ryzen PRO 3000) and Open Source Xen versions prior to xsa488 patches. CVSS scores indicate low severity, and remote exploitation is not possible.
Organizations running affected AMD processors with Xen hypervisors should evaluate their exposure and apply available mitigation measures. System administrators managing virtualized infrastructure should verify whether their processor models and Xen versions are in scope and implement patches when available.
Archived snapshot
Apr 20, 2026GovPing captured this document from the original source. If the source has since changed or been removed, this is the text as it existed at that time.
[WID-SEC-2026-1175] AMD Prozessoren und Xen: Schwachstelle ermöglicht Offenlegung von Informationen CVSS Base Score 3.3 (niedrig) CVSS Temporal Score 2.9 (niedrig) Remoteangriff nein Datum 19.04.2026 Stand 20.04.2026 Mitigation ja
Betroffene Systeme
Betriebssystem
- Linux
- Sonstiges
- UNIX
Produktbeschreibung
Prozessoren sind die zentralen Rechenwerke eines Computers.
Xen ist ein Virtueller-Maschinen-Monitor (VMM), der Hardware (x86, IA-64, PowerPC) für die darauf laufenden Systeme (Domains) paravirtualisiert.
Produkte
19.04.2026
- AMD Prozessor EPYC 7001 Series
AMD Prozessor EPYC Embedded 3000 Series
AMD Prozessor Athlon 3000 Series
AMD Prozessor Ryzen 3000 Series
AMD Prozessor Ryzen PRO 3000 Series
Open Source Xen <xsa488.patch
Open Source Xen <xsa488-4.17.patch
Open Source Xen <xsa488-4.18.patch
Open Source Xen <xsa488-4.20.patch
Angriff
Angriff
Ein lokaler Angreifer kann eine Schwachstelle in AMD Prozessoren und Xen ausnutzen, um Informationen offenzulegen. CVE Informationen Versionshistorie Feedback zum Advisory geben
Related changes
Get daily alerts for CERT-Bund Security Advisories
Daily digest delivered to your inbox.
Free. Unsubscribe anytime.
Source
About this page
Every important government, regulator, and court update from around the world. One place. Real-time. Free. Our mission
Source document text, dates, docket IDs, and authority are extracted directly from CERT-Bund.
The summary, classification, recommended actions, deadlines, and penalty information are AI-generated from the original text and may contain errors. Always verify against the source document.
Classification
Who this affects
Taxonomy
Browse Categories
Get alerts for this source
We'll email you when CERT-Bund Security Advisories publishes new changes.
Subscribed!
Optional. Filters your digest to exactly the updates that matter to you.