Main Vulnerability Database SB20260518102

SB20260518102 - Citrix XenServer update for Xen

Published: May 18, 2026

Security Bulletin ID SB20260518102

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper privilege management (CVE-ID: CVE-2025-54518)

CWE-ID: CWE-269 - Improper Privilege Management

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management in x86 CPU opcode cache handling when executing code on affected AMD Fam17h CPUs. A local user can execute code to escalate privileges.

The issue can permit escalation across privilege boundaries including userspace to kernel and guest to host, and only AMD Fam17h CPUs based on the Zen2 microarchitecture are believed to be affected.

Remediation

Install update from vendor's website.

References

https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696581