xen-4.20.1_06-1.1 on GA media SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2025:16735 Final 1 1 2025-10-27T00:00:00Z current 2025-10-27T00:00:00Z 2025-10-27T00:00:00Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z xen-4.20.1_06-1.1 on GA media These are all security issues fixed in the xen-4.20.1_06-1.1 package on the GA media of openSUSE Tumbleweed. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). openSUSE-Tumbleweed-2025-16735 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/security/rating/ SUSE Security Ratings https://www.suse.com/security/cve/CVE-2025-58147/ SUSE CVE CVE-2025-58147 page openSUSE Tumbleweed xen-4.20.1_06-1.1 xen-devel-4.20.1_06-1.1 xen-doc-html-4.20.1_06-1.1 xen-libs-4.20.1_06-1.1 xen-tools-4.20.1_06-1.1 xen-tools-domU-4.20.1_06-1.1 xen-tools-xendomains-wait-disk-4.20.1_06-1.1 xen-4.20.1_06-1.1 as a component of openSUSE Tumbleweed xen-devel-4.20.1_06-1.1 as a component of openSUSE Tumbleweed xen-doc-html-4.20.1_06-1.1 as a component of openSUSE Tumbleweed xen-libs-4.20.1_06-1.1 as a component of openSUSE Tumbleweed xen-tools-4.20.1_06-1.1 as a component of openSUSE Tumbleweed xen-tools-domU-4.20.1_06-1.1 as a component of openSUSE Tumbleweed xen-tools-xendomains-wait-disk-4.20.1_06-1.1 as a component of openSUSE Tumbleweed [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause out-of-bounds reads and writes while processing the inputs. * CVE-2025-58147. Hypercalls using the HV_VP_SET Sparse format can cause vpmask_set() to write out of bounds when converting the bitmap to Xen's format. * CVE-2025-58148. Hypercalls using any input format can cause send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild vCPU pointer. CVE-2025-58147 openSUSE Tumbleweed:xen-4.20.1_06-1.1 openSUSE Tumbleweed:xen-devel-4.20.1_06-1.1 openSUSE Tumbleweed:xen-doc-html-4.20.1_06-1.1 openSUSE Tumbleweed:xen-libs-4.20.1_06-1.1 openSUSE Tumbleweed:xen-tools-4.20.1_06-1.1 openSUSE Tumbleweed:xen-tools-domU-4.20.1_06-1.1 openSUSE Tumbleweed:xen-tools-xendomains-wait-disk-4.20.1_06-1.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/security/cve/CVE-2025-58147.html CVE-2025-58147 https://bugzilla.suse.com/1251271 SUSE Bug 1251271