Main Vulnerability Database SB2025080609

SB2025080609 - Fedora 41 update for xen

Published: August 6, 2025

Security Bulletin ID SB2025080609

Severity

Medium

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Remote access

Highest impact Denial of service

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper error handling (CVE-ID: CVE-2025-27465)

The vulnerability allows a local guest to crash the hypervisor.

The vulnerability exists die to incorrect stubs exception handling for flags recovery. A malicious guest can force the hypervisor to crash.

2) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2024-36350)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to information leak. A local user can obtain sensitive data from previous stores.

Install update from vendor's website.