diff --git a/hypervisor/arch/x86/guest/vcpu.c b/hypervisor/arch/x86/guest/vcpu.c
index 6aa95b580..8bd9ba44f 100644
--- a/hypervisor/arch/x86/guest/vcpu.c
+++ b/hypervisor/arch/x86/guest/vcpu.c
@@ -407,6 +407,7 @@ int32_t run_vcpu(struct acrn_vcpu *vcpu)
 	struct run_context *ctx =
 		&vcpu->arch.contexts[vcpu->arch.cur_context].run_ctx;
 	int64_t status = 0;
+	int32_t ibrs_type = get_ibrs_type();
 
 	if (bitmap_test_and_clear_lock(CPU_REG_RIP, &vcpu->reg_updated))
 		exec_vmwrite(VMX_GUEST_RIP, ctx->rip);
diff --git a/hypervisor/arch/x86/security.c b/hypervisor/arch/x86/security.c
index f0184358e..36a697e41 100644
--- a/hypervisor/arch/x86/security.c
+++ b/hypervisor/arch/x86/security.c
@@ -15,7 +15,7 @@
 #include <logmsg.h>
 
 static bool skip_l1dfl_vmentry;
-int32_t ibrs_type;
+static int32_t ibrs_type;
 
 static void detect_ibrs(void)
 {
@@ -44,6 +44,11 @@ static void detect_ibrs(void)
 #endif
 }
 
+int32_t get_ibrs_type(void)
+{
+	return ibrs_type;
+}
+
 bool check_cpu_security_cap(void)
 {
 	uint64_t x86_arch_capabilities;
diff --git a/hypervisor/include/arch/x86/security.h b/hypervisor/include/arch/x86/security.h
index bf417c86c..681894a8a 100644
--- a/hypervisor/include/arch/x86/security.h
+++ b/hypervisor/include/arch/x86/security.h
@@ -17,7 +17,7 @@
 #define IBRS_OPT	2
 
 #ifndef ASSEMBLER
-extern int32_t ibrs_type;
+int32_t get_ibrs_type(void);
 void cpu_l1d_flush(void);
 bool check_cpu_security_cap(void);