VSA-2026-010: Floating Point Divider State Sampling on AMD CPUs
| Published | Updated | Severity | CVSS 4.0 | Affected products |
|---|---|---|---|---|
| 2026-04-28 | 2026-04-28 | 🟠Moderate | 2.0 | - XCP-ng 8.3 |
A vulnerability in the Xen hypervisor has been discovered. For Vates products, we classify the impact as Medium, as the impact is limited or requires unusual conditions. For details on how we assign severity levels, see our Severity Levels Explained page.
Summary
The Xen project recently disclosed a vulnerability affecting all previous versions of the Xen hypervisor.
Researchers from CISPA reported "Floating Point Divider State Sampling (FP-DSS)", a transient execution vulnerability affecting multiple generations of AMD CPUs. AMD assesses that the potential information-leakage risk in real-world deployments appears limited due to the constrained nature of the data involved and the relatively uncommon use of floating-point operations in privileged code.
Impact
An attacker might be able to infer data belonging to other contexts, including data belonging to other guests.
Affected Versions
Systems running XCP-ng 8.3 LTS on AMD Fam17h CPUs (Zen1 micro-architecture) are believed to be vulnerable. Other AMD CPUs and CPUs from other manufacturers are not known to be affected.
- XCP-ng 8.3:
xen-4.13.4-10.27.xcpng8.3 and later are affected.
Mitigation
There is no known mitigation.
Resolution
As of 2026-04-28, the xen-* packages for XCP-ng 8.3 have been updated to address this issue.
List of packages fixing this issue:
- XCP-ng 8.3:
xen-4.17.6-6.2.xcpng8.3
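A host can be checked against the two conditions stated above (AMD Fam17h CPU, xen package older than the fixed build). The script below is an added example, not part of the advisory or of XCP-ng tooling; the package name `xen-hypervisor` and the use of `sort -V` for version ordering are assumptions.

```sh
#!/bin/sh
# Added example, not part of the advisory. The fixed version-release is
# taken from the "Resolution" section above.
FIXED_VR="4.17.6-6.2.xcpng8.3"

# Constructed /proc/cpuinfo excerpt for a Fam17h part (family 23 == 0x17).
SAMPLE_CPUINFO="$(printf 'vendor_id\t: AuthenticAMD\ncpu family\t: 23\nmodel\t\t: 1\n')"

# Succeeds if the cpuinfo text in $1 reports AuthenticAMD, family 23.
# Family 23 is not narrowed by model here, so this is a conservative match.
is_amd_fam17h() {
    printf '%s\n' "$1" | awk -F'[ \t]*:[ \t]*' '
        $1 == "vendor_id"  && $2 == "AuthenticAMD" { amd = 1 }
        $1 == "cpu family" && $2 == "23"           { fam = 1 }
        END { exit !(amd && fam) }'
}

# Succeeds if version-release $1 >= $2. Uses GNU "sort -V", which
# approximates (but is not identical to) rpm's own comparison.
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# Prints one of: cpu-not-known-affected | patched | update-needed
assess() {
    if ! is_amd_fam17h "$1"; then
        echo "cpu-not-known-affected"
    elif version_ge "$2" "$FIXED_VR"; then
        echo "patched"
    else
        echo "update-needed"
    fi
}

# Live check on a host. The package name "xen-hypervisor" is an assumption;
# substitute whichever xen-* package is installed on the host.
check_host() {
    assess "$(cat /proc/cpuinfo)" \
           "$(rpm -q --qf '%{VERSION}-%{RELEASE}' xen-hypervisor)"
}

assess "$SAMPLE_CPUINFO" "4.17.6-6.2.xcpng8.3"   # constructed input
```

`check_host` reports on the installed package, which is not necessarily the hypervisor the host is currently booted into.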
Credits
This issue was reported by researchers from the CISPA Helmholtz Center for Information Security (Daniel Weber, Fabian Schwarz, Leon Trampert, Ruiyi Zhang, Michael Schwarz), and fixed by Andrew Cooper of Citrix.