SB2026012838 - SUSE update for xen
Published: January 28, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 6 vulnerabilities.
1) NULL pointer dereference (CVE-ID: CVE-2025-27466)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:U/U:Green
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error when updating the reference TSC area. A malicious guest can perform a denial of service (DoS) attack against the hypervisor.
2) NULL pointer dereference (CVE-ID: CVE-2025-58142)
CWE-ID: CWE-476 - NULL Pointer Dereference
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:H/E:U/U:Green
The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error by assuming the SIM page is mapped when a synthetic timer message has to be delivered. A malicious guest can perform a denial of service (DoS) attack against the hypervisor.
3) Race condition (CVE-ID: CVE-2025-58143)
CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:H/SA:H/E:U/U:Green
The vulnerability allows a malicious guest to compromise the hypervisor.
The vulnerability exists due to a race condition in the mapping of the reference TSC page. A malicious guest can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-58149)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a malicious guest to access sensitive information.
The vulnerability exists due to PCI detach logic in libxl that does not remove access permissions to any 64bit memory BARs the device might have. A malicious guest can access any 64bit memory BAR when such device is no longer assigned to the domain.
5) Out-of-bounds read (CVE-ID: CVE-2025-58150)
CWE-ID: CWE-125 - Out-of-bounds read
CVSSv4: CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a malicious guest to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Xen with shadow paging + tracing on x86 systems. An HVM guests running in shadow paging mode can trigger an out-of-bounds read error and read contents of memory on the system.
6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-23553)
CWE-ID: CWE-264 - Permissions, Privileges, and Access Controls
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to incomplete IBPB for vCPU isolation. A guest processes can leverage information leaks to obtain information intended to be private to other entities in a guest.
Remediation
Install update from vendor's website.