CVE-2022-26373: 
Linux Kernel vulnerability analysis and mitigation

CVE-2022-26373 is a vulnerability discovered in Intel processors related to non-transparent sharing of return predictor targets between contexts. The vulnerability was disclosed on August 9, 2022, and affects certain Intel processors with Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities. This security flaw allows an authorized user to potentially enable information disclosure through local access (Intel Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium), with the vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N. The issue stems from exceptions to the documented properties in certain situations when using Intel's Enhanced Indirect Branch Restricted Speculation (eIBRS) capabilities, which can lead to information leakage (VMware Advisory).

The successful exploitation of this vulnerability could lead to information disclosure of sensitive data. A malicious actor with administrative access to a virtual machine can potentially take advantage of various side-channel CPU flaws that may leak information stored in physical memory about the hypervisor or other virtual machines that reside on the same host (VMware Advisory).

Various vendors have released patches to address this vulnerability. VMware has provided patches for their ESXi products that mitigate CVE-2022-26373 without introducing performance impact. For Linux systems, updates have been released in kernel version 5.10.136-1~deb10u3 and 4.19.260-1 (Debian Advisory, VMware Advisory).