HIGH
x86/amd OpCache Isolation
CVE-2026-46174
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
KernelScan AI8.8HIGH
01Description
In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache Make sure resources are not improperly shared in the op cache and cause instruction corruption this way.
02KernelScan AI Analysis
Risk summary
AMD Zen2 processors fail to properly isolate shared resources in the operation cache, potentially allowing instruction corruption across security boundaries. This affects multi-tenant environments, containers, and virtual machines where different security contexts share the same physical CPU core.
Vulnerability analysis
The vulnerability stems from improper isolation of shared resources in AMD Zen2's operation cache, which can cause instruction corruption when multiple processes or security contexts share CPU resources. The root cause is missing initialization of a hardware bug fix bit (MSR_ZEN2_BP_CFG_BUG_FIX_BIT) in the branch predictor configuration MSR during CPU initialization. The fix adds code to set bit 33 in MSR 0xc001102e during Zen2 CPU initialization, but only when not running under a hypervisor (to avoid conflicts with hypervisor management). This ensures proper isolation of op cache resources and prevents cross-context instruction corruption. The attack surface is local, requiring code execution on the target system to exploit the shared resource vulnerability.
03Fix Versions
| Branch | Fixed in | Patch commit |
|---|---|---|
| 3.16 | 3.17 | 1e23b30a80b1 |
| 4.4 | 4.5 | f5bc3aef7df4 |
| 4.9 | 4.10 | 251497955f23 |
| 5.10 | 5.10.256 | ff6fc65b3bf7 |
| 5.15 | 5.15.207 | 9109489cc8c3 |
| 6.1 | 6.1.173 | 28f5ed477eef |
| 6.12 | 6.12.88 | c21b90f77687 |
| 6.18 | 6.18.30 | — |
| 6.6 | 6.6.139 | 1cd85a19748b |
| 7.0 | 7.0.7 | — |
| mainline | 7.1 | — |