Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:01860-1 Final 1 1 2025-06-10T08:11:57Z current 2025-06-10T08:11:57Z 2025-06-10T08:11:57Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - CVE-2024-28956: Fixed Intel CPU: Indirect Target Selection (ITS) (XSA-469) (bsc#1243117) - CVE-2024-53241: Fixed Xen hypercall page unsafe against speculative attacks (XSA-466) (bsc#1234282) - CVE-2025-1713: Fixed deadlock potential with VT-d and legacy PCI device pass-through (XSA-467) (bsc#1238043) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Image SLES15-SP5-SAP-BYOS-GCE-2025-1860,Image SLES15-SP5-SAP-Hardened-BYOS-GCE-2025-1860,Image SLES15-SP5-SAP-Hardened-GCE-2025-1860,SUSE-2025-1860,SUSE-SLE-Micro-5.5-2025-1860 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202501860-1/ Link for SUSE-SU-2025:01860-1 https://lists.suse.com/pipermail/sle-updates/2025-June/040205.html E-Mail link for SUSE-SU-2025:01860-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1234282 SUSE Bug 1234282 https://bugzilla.suse.com/1238043 SUSE Bug 1238043 https://bugzilla.suse.com/1243117 SUSE Bug 1243117 https://www.suse.com/security/cve/CVE-2024-28956/ SUSE CVE CVE-2024-28956 page https://www.suse.com/security/cve/CVE-2024-53241/ SUSE CVE CVE-2024-53241 page https://www.suse.com/security/cve/CVE-2025-1713/ SUSE CVE CVE-2025-1713 page Image SLES15-SP5-SAP-BYOS-GCE Image SLES15-SP5-SAP-Hardened-BYOS-GCE Image SLES15-SP5-SAP-Hardened-GCE SUSE Linux Enterprise Micro 5.5 xen-libs-4.17.5_08-150500.3.45.1 xen-4.17.5_08-150500.3.45.1 xen-devel-4.17.5_08-150500.3.45.1 xen-doc-html-4.17.5_08-150500.3.45.1 xen-libs-32bit-4.17.5_08-150500.3.45.1 xen-libs-64bit-4.17.5_08-150500.3.45.1 xen-tools-4.17.5_08-150500.3.45.1 xen-tools-domU-4.17.5_08-150500.3.45.1 xen-tools-xendomains-wait-disk-4.17.5_08-150500.3.45.1 xen-libs-4.17.5_08-150500.3.45.1 as a component of Image SLES15-SP5-SAP-BYOS-GCE xen-libs-4.17.5_08-150500.3.45.1 as a component of Image SLES15-SP5-SAP-Hardened-BYOS-GCE xen-libs-4.17.5_08-150500.3.45.1 as a component of Image SLES15-SP5-SAP-Hardened-GCE xen-libs-4.17.5_08-150500.3.45.1 as a component of SUSE Linux Enterprise Micro 5.5 Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. CVE-2024-28956 Image SLES15-SP5-SAP-BYOS-GCE:xen-libs-4.17.5_08-150500.3.45.1 Image SLES15-SP5-SAP-Hardened-BYOS-GCE:xen-libs-4.17.5_08-150500.3.45.1 Image SLES15-SP5-SAP-Hardened-GCE:xen-libs-4.17.5_08-150500.3.45.1 SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.5_08-150500.3.45.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501860-1/ https://www.suse.com/security/cve/CVE-2024-28956.html CVE-2024-28956 https://bugzilla.suse.com/1242006 SUSE Bug 1242006 In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of jumping to the Xen hypercall page for doing the iret hypercall, directly code the required sequence in xen-asm.S. This is done in preparation of no longer using hypercall page at all, as it has shown to cause problems with speculation mitigations. This is part of XSA-466 / CVE-2024-53241. CVE-2024-53241 Image SLES15-SP5-SAP-BYOS-GCE:xen-libs-4.17.5_08-150500.3.45.1 Image SLES15-SP5-SAP-Hardened-BYOS-GCE:xen-libs-4.17.5_08-150500.3.45.1 Image SLES15-SP5-SAP-Hardened-GCE:xen-libs-4.17.5_08-150500.3.45.1 SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.5_08-150500.3.45.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501860-1/ https://www.suse.com/security/cve/CVE-2024-53241.html CVE-2024-53241 https://bugzilla.suse.com/1234282 SUSE Bug 1234282 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. CVE-2025-1713 Image SLES15-SP5-SAP-BYOS-GCE:xen-libs-4.17.5_08-150500.3.45.1 Image SLES15-SP5-SAP-Hardened-BYOS-GCE:xen-libs-4.17.5_08-150500.3.45.1 Image SLES15-SP5-SAP-Hardened-GCE:xen-libs-4.17.5_08-150500.3.45.1 SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.5_08-150500.3.45.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202501860-1/ https://www.suse.com/security/cve/CVE-2025-1713.html CVE-2025-1713 https://bugzilla.suse.com/1238043 SUSE Bug 1238043