Main Vulnerability Database SB2026051865

SB2026051865 - SUSE update for xen

Published: May 18, 2026

Security Bulletin ID SB2026051865

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 vulnerability.

1) Improper privilege management (CVE-ID: CVE-2025-54518)

The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management in x86 CPU opcode cache handling when executing code on affected AMD Fam17h CPUs. A local user can execute code to escalate privileges.

The issue can permit escalation across privilege boundaries including userspace to kernel and guest to host, and only AMD Fam17h CPUs based on the Zen2 microarchitecture are believed to be affected.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2026/suse-su-20261933-1/

Vulnerable Software

SUSE Linux Enterprise Micro: 5.5
openSUSE Leap: 15.5
xen-libs-debuginfo: before 4.17.6_10-150500.3.68.1
xen-tools-domU-debuginfo: before 4.17.6_10-150500.3.68.1
xen-tools-domU: before 4.17.6_10-150500.3.68.1
xen-debugsource: before 4.17.6_10-150500.3.68.1
xen-devel: before 4.17.6_10-150500.3.68.1
xen-libs: before 4.17.6_10-150500.3.68.1
xen-libs-32bit: before 4.17.6_10-150500.3.68.1
xen-libs-32bit-debuginfo: before 4.17.6_10-150500.3.68.1
xen: before 4.17.6_10-150500.3.68.1
xen-tools-debuginfo: before 4.17.6_10-150500.3.68.1
xen-tools: before 4.17.6_10-150500.3.68.1
xen-doc-html: before 4.17.6_10-150500.3.68.1
xen-tools-xendomains-wait-disk: before 4.17.6_10-150500.3.68.1
xen-libs-64bit: before 4.17.6_10-150500.3.68.1
xen-libs-64bit-debuginfo: before 4.17.6_10-150500.3.68.1

SB2026051865 - SUSE update for xen

Breakdown by Severity

Description

Remediation

References

Please verify you're human