Main Vulnerability Database SB2026012875

SB2026012875 - SUSE update for xen

Published: January 28, 2026

Security Bulletin ID SB2026012875

Severity

Low

Patch available

YES

Number of vulnerabilities 2

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2025-58150)

The vulnerability allows a malicious guest to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Xen with shadow paging + tracing on x86 systems. An HVM guests running in shadow paging mode can trigger an out-of-bounds read error and read contents of memory on the system.

2) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-23553)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incomplete IBPB for vCPU isolation. A guest processes can leverage information leaks to obtain information intended to be private to other entities in a guest.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2026/suse-su-20260329-1/

Vulnerable Software

Server Applications Module: 15-SP7
Basesystem Module: 15-SP7
SUSE Linux Enterprise Real Time 15: SP7
SUSE Linux Enterprise Server for SAP Applications 15: SP7
SUSE Linux Enterprise Server 15: SP7
SUSE Linux Enterprise Desktop 15: SP7
xen-tools-xendomains-wait-disk: before 4.20.2_04-150700.3.22.1
xen-tools: before 4.20.2_04-150700.3.22.1
xen-devel: before 4.20.2_04-150700.3.22.1
xen-tools-debuginfo: before 4.20.2_04-150700.3.22.1
xen: before 4.20.2_04-150700.3.22.1
xen-tools-domU-debuginfo: before 4.20.2_04-150700.3.22.1
xen-libs-debuginfo: before 4.20.2_04-150700.3.22.1
xen-libs: before 4.20.2_04-150700.3.22.1
xen-debugsource: before 4.20.2_04-150700.3.22.1
xen-tools-domU: before 4.20.2_04-150700.3.22.1