A couple of weeks ago CVE-2018-3665, a side-channel attack based on lazy FPU context switching, was announced. The embargo broke for it early and we were notitifed of the vulnerability the same day that it went public. That vulnerability was live-patched once we had adequate time to test the fix did not cause any issues. We concurrently live-patched denial of service vulnerabilities in Xen that were publicly released a couple of days ago.