CVE-2025-38560 referencing the wrong CPU attack

[dmell]

Hello,

The paper linked in CVE-2025-38560's analysis doesn't seem to be the correct one. At Google, we associated this to https://heracles-attack.github.io/ or https://www.usenix.org/conference/usenixsecurity25/presentation/yan-yuqin. Cohere+Reload shouln't have any kernel patch associated with it, as per AMD's bulletin.

Can folks from Oracle have a look?
Thanks!

[dpilipchuk]

Hello,

Your suggested associations are definitely correct, but the referenced paper mentions coherency as well:

AMD` disabling the coherence feature will undoubtedly mitigate Cohere+Reload, ....

We'll be following up with AMD to confirm. In the meantime, could you, please, update the notes section of the template with the ones suggested by Google for completeness?

Thank you