SB20260428235 - SUSE update for xen

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Observable discrepancy (CVE-ID: CVE-2025-54505)

The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to transient execution in floating-point divisor unit when executing floating-point operations in privileged code. A local user can sample data from the floating-point divisor unit to disclose sensitive information.

The issue affects systems with SMT enabled as well as systems without SMT.

2) Reachable assertion (CVE-ID: CVE-2026-23557)

The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an assertion failure in xenstored when processing an XS_RESET_WATCHES command within a transaction. A remote attacker can issue a crafted XS_RESET_WATCHES command within a transaction to cause a denial of service.

Only systems using the C variant of xenstored or xenstore-stubdom built without NDEBUG are vulnerable.

3) Race condition (CVE-ID: CVE-2026-23558)

The vulnerability allows a remote user to escalate privileges, disclose sensitive information, or cause a denial of service.

The vulnerability exists due to a race condition in status page mapping via XENMEM_add_to_physmap when changing the grant table version from v2 to v1 in parallel with mapping status pages. A remote user can trigger concurrent grant table version changes and status page mappings to escalate privileges, disclose sensitive information, or cause a denial of service.

Only x86 HVM and PVH guests permitted to use grant table version 2 interfaces can leverage this vulnerability.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2026/suse-su-20261645-1/