Main Vulnerability Database SB2026012838

SB2026012838 - SUSE update for xen

Published: January 28, 2026

Security Bulletin ID SB2026012838

Severity

Medium

Patch available

YES

Number of vulnerabilities 6

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2025-27466)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error when updating the reference TSC area. A malicious guest can perform a denial of service (DoS) attack against the hypervisor.

2) NULL pointer dereference (CVE-ID: CVE-2025-58142)

The vulnerability allows a malicious guest to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error by assuming the SIM page is mapped when a synthetic timer message has to be delivered. A malicious guest can perform a denial of service (DoS) attack against the hypervisor.

3) Race condition (CVE-ID: CVE-2025-58143)

The vulnerability allows a malicious guest to compromise the hypervisor.

The vulnerability exists due to a race condition in the mapping of the reference TSC page. A malicious guest can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

4) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2025-58149)

The vulnerability allows a malicious guest to access sensitive information.

The vulnerability exists due to PCI detach logic in libxl that does not remove access permissions to any 64bit memory BARs the device might have. A malicious guest can access any 64bit memory BAR when such device is no longer assigned to the domain.

5) Out-of-bounds read (CVE-ID: CVE-2025-58150)

The vulnerability allows a malicious guest to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in Xen with shadow paging + tracing on x86 systems. An HVM guests running in shadow paging mode can trigger an out-of-bounds read error and read contents of memory on the system.

6) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2026-23553)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to incomplete IBPB for vCPU isolation. A guest processes can leverage information leaks to obtain information intended to be private to other entities in a guest.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2026/suse-su-20260303-1/

Vulnerable Software

SUSE Linux Enterprise Micro for Rancher: 5.2
SUSE Linux Enterprise Micro: 5.2
openSUSE Leap: 15.3
xen-libs-64bit: before 4.14.6_28-150300.3.94.1
xen-libs-64bit-debuginfo: before 4.14.6_28-150300.3.94.1
xen-tools-xendomains-wait-disk: before 4.14.6_28-150300.3.94.1
xen-tools: before 4.14.6_28-150300.3.94.1
xen: before 4.14.6_28-150300.3.94.1
xen-doc-html: before 4.14.6_28-150300.3.94.1
xen-tools-debuginfo: before 4.14.6_28-150300.3.94.1
xen-libs-32bit-debuginfo: before 4.14.6_28-150300.3.94.1
xen-libs-32bit: before 4.14.6_28-150300.3.94.1
xen-tools-domU: before 4.14.6_28-150300.3.94.1
xen-libs-debuginfo: before 4.14.6_28-150300.3.94.1
xen-libs: before 4.14.6_28-150300.3.94.1
xen-tools-domU-debuginfo: before 4.14.6_28-150300.3.94.1
xen-devel: before 4.14.6_28-150300.3.94.1
xen-debugsource: before 4.14.6_28-150300.3.94.1