On 9 January 2026, Ubuntu published security notice USN-7940-2, which updates the Linux kernel on Ubuntu 24.04 LTS and fixes, among more than a hundred vulnerabilities, one known as VMSCAPE (CVE-2025-40300). It belongs to the family of speculative execution vulnerabilities that affect virtualized environments.
What VMSCAPE is
VMSCAPE is a flaw of insufficient branch predictor isolation between a guest virtual machine and a userspace hypervisor such as QEMU. On modern CPUs, the branch predictor tries to anticipate the program flow to speed up execution. When that state is not properly isolated on exit from a VM, an attacker inside the guest can “poison” the predictor to influence the speculative execution of the hypervisor process on the host.
The result is a leak path: an attacker inside a guest VM could potentially expose sensitive information from the host operating system. It is a variant of the classic speculative-execution side-channel problem (in the Spectre lineage) and affects x86 processors.
Who is affected
Ubuntu’s notice focuses on Ubuntu 24.04 LTS, specifically the kernels for Azure instances (including the NVIDIA-enabled variants), where virtualization is the usual scenario. More broadly, according to the NVD database, the issue touches many Linux kernel versions (stable branches 5.10, 5.15, 6.1, 6.6 and 6.12, among others).
The most exposed audience are virtualized infrastructure operators: cloud providers, hosting companies and any deployment where several untrusted VMs share the same physical host. On a desktop machine without untrusted VMs, the practical risk is much lower.
Severity
VMSCAPE is rated by NVD with a CVSS 3.1 score of 5.5 (medium severity), vector AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. This reflects that it requires local access with low privileges inside the guest and no user interaction. The kernel mitigation introduces a conditional IBPB (Indirect Branch Predictor Barrier) after VM exits to protect the userspace hypervisor.
A caveat is in order: although its score is medium, VMSCAPE’s real value to an attacker is as a link in a chain, combined with other flaws to build a reliable exploit against the host.
Mitigation and patch
The recommendation is straightforward: apply the kernel updates distributed by Ubuntu. Notice USN-7940-2 fixes the kernel on 24.04 LTS and, beyond VMSCAPE, resolves more than a hundred additional CVEs across multiple subsystems (ARM64, PowerPC, x86, cryptography, networking, storage and filesystems).
Practical steps:
- Run
sudo apt update && sudo apt upgradeto install the fixed kernel. - Reboot the system: the change only takes effect after a reboot, since the running kernel is not replaced live.
- If you use third-party kernel modules, recompile them: the notice indicates there was an ABI change.
For machines that cannot reboot immediately, prioritize hosts running low-trust VMs, as that is the scenario where VMSCAPE actually matters.
If you manage Ubuntu servers in production, this update is a good moment to review your hardening and isolation strategy. See our Ubuntu page for more context on the distribution’s support cycle.
Source
- Original advisory: Ubuntu Security Notice USN-7940-2
- Vulnerability detail: CVE-2025-40300 on NVD