Re: CVE-2025-40300 / VMScape

[Bjoern Franke <bjo () schafweide org>]

Hi Alan,


> The CPU vendors have their own methods for alerting OS & Hypervisor makers of
> CPU-level security issues in advance of publication, that don't flow through
> the distros lists or this list, so fixes for those often happen without any
> notice here.
>
> For other CVEs, it really depends on whether the project includes this list
> in their notification process, or some volunteer notices them and forwards
> the information to the list.  Many still slip through the cracks.

Thanks for your explanation!

Regards
Bjoern