SB2026051926 - SUSE update for xen




Published: May 19, 2026

Security Bulletin ID SB2026051926
CSH Severity Medium
Patch available YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 67%, Low 33%

Description

This security bulletin contains information about 3 vulnerabilities.


1) Improper privilege management (CVE-ID: CVE-2025-54518)

CWE-ID: CWE-269 - Improper Privilege Management

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to escalate privileges.

The vulnerability exists due to improper privilege management in x86 CPU opcode cache handling when executing code on affected AMD Fam17h CPUs. A local user can execute code to escalate privileges.

The issue can permit escalation across privilege boundaries including userspace to kernel and guest to host, and only AMD Fam17h CPUs based on the Zen2 microarchitecture are believed to be affected.


2) Reachable assertion (CVE-ID: CVE-2026-23557)

CWE-ID: CWE-617 - Reachable Assertion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an assertion failure in xenstored when processing an XS_RESET_WATCHES command within a transaction. A remote attacker can issue a crafted XS_RESET_WATCHES command within a transaction to cause a denial of service.

Only systems using the C variant of xenstored or xenstore-stubdom built without NDEBUG are vulnerable.


3) Race condition (CVE-ID: CVE-2026-23558)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to escalate privileges, disclose sensitive information, or cause a denial of service.

The vulnerability exists due to a race condition in status page mapping via XENMEM_add_to_physmap when changing the grant table version from v2 to v1 in parallel with mapping status pages. A remote user can trigger concurrent grant table version changes and status page mappings to escalate privileges, disclose sensitive information, or cause a denial of service.

Only x86 HVM and PVH guests permitted to use grant table version 2 interfaces can leverage this vulnerability.


Remediation

Install the update from the vendor's website.