Alan Coopersmith wrote: > The CPU vendors have their own methods for alerting OS & Hypervisor makers of > CPU-level security issues in advance of publication, that don't flow through > the distros lists or this list, so fixes for those often happen without any > notice here.
Most major CPU architecture issues have reached the list via the excellent Xen advisories (which are also posted to this list). But in the case of CVE-2025-40300, Xen isn't affected (https://virtualize.sh/blog/vmscape-and-why-xen-dodged-it/), so there was never a respective Xen advisory. Cheers, Moritz
