KernelScan.io

HIGH

x86/amd OpCache Isolation

CVE-2026-46174

CVSS 8.8 / 10.0 NVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

KernelScan AI 8.8 HIGH

In the Linux kernel, the following vulnerability has been resolved:

x86/CPU/AMD: Prevent improper isolation of shared resources in Zen2's op cache

Make sure resources are not improperly shared in the op cache and cause instruction corruption this way.

Engine v0.2.0

Risk summary

AMD Zen2 processors fail to properly isolate shared resources in the operation cache, potentially allowing instruction corruption across security boundaries. This affects multi-tenant environments, containers, and virtual machines where different security contexts share the same physical CPU core.

Affected: arch/x86/kernel/cpu/amd.c (x86 CPU initialization)

Vulnerability analysis

The vulnerability stems from improper isolation of shared resources in AMD Zen2's operation cache, which can cause instruction corruption when multiple processes or security contexts share CPU resources. The root cause is missing initialization of a hardware bug fix bit (MSR_ZEN2_BP_CFG_BUG_FIX_BIT) in the branch predictor configuration MSR during CPU initialization. The fix adds code to set bit 33 in MSR 0xc001102e during Zen2 CPU initialization, but only when not running under a hypervisor (to avoid conflicts with hypervisor management). This ensures proper isolation of op cache resources and prevents cross-context instruction corruption. The attack surface is local, requiring code execution on the target system to exploit the shared resource vulnerability.

Branch      Fixed in    Patch commit
3.16        3.17        1e23b30a80b1
4.4         4.5         f5bc3aef7df4
4.9         4.10        251497955f23
5.10        5.10.256    ff6fc65b3bf7
5.15        5.15.207    9109489cc8c3
6.1         6.1.173     28f5ed477eef
6.12        6.12.88     c21b90f77687
6.18        6.18.30
6.6         6.6.139     1cd85a19748b
7.0         7.0.7
mainline    7.1