Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:02325-1 Final 1 1 2025-07-16T06:37:43Z current 2025-07-16T06:37:43Z 2025-07-16T06:37:43Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - CVE-2024-36350, CVE-2024-36357: More AMD transient execution attacks (bsc#1246112, XSA-471) - CVE-2025-27465: Incorrect stubs exception handling for flags recovery (bsc#1244644, XSA-470) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-2325,SUSE-SLE-Micro-5.5-2025-2325,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2025-2325,SUSE-SLE-Product-HPC-15-SP5-LTSS-2025-2325,SUSE-SLE-Product-SLES-15-SP5-LTSS-2025-2325,SUSE-SLE-Product-SLES_SAP-15-SP5-2025-2325 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-202502325-1/ Link for SUSE-SU-2025:02325-1 https://lists.suse.com/pipermail/sle-updates/2025-July/040723.html E-Mail link for SUSE-SU-2025:02325-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1238896 SUSE Bug 1238896 https://bugzilla.suse.com/1244644 SUSE Bug 1244644 https://bugzilla.suse.com/1246112 SUSE Bug 1246112 https://www.suse.com/security/cve/CVE-2024-36350/ SUSE CVE CVE-2024-36350 page https://www.suse.com/security/cve/CVE-2024-36357/ SUSE CVE CVE-2024-36357 page https://www.suse.com/security/cve/CVE-2025-27465/ SUSE CVE CVE-2025-27465 page SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS SUSE Linux Enterprise Micro 5.5 SUSE Linux Enterprise Server 15 SP5-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP5 xen-4.17.5_10-150500.3.50.1 xen-devel-4.17.5_10-150500.3.50.1 xen-doc-html-4.17.5_10-150500.3.50.1 xen-libs-4.17.5_10-150500.3.50.1 xen-libs-32bit-4.17.5_10-150500.3.50.1 xen-libs-64bit-4.17.5_10-150500.3.50.1 xen-tools-4.17.5_10-150500.3.50.1 xen-tools-domU-4.17.5_10-150500.3.50.1 xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 xen-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS xen-devel-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS xen-libs-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS xen-tools-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS xen-tools-domU-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS xen-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS xen-devel-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS xen-libs-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS xen-tools-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS xen-tools-domU-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS xen-libs-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise Micro 5.5 xen-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS xen-devel-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS xen-libs-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS xen-tools-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS xen-tools-domU-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise Server 15 SP5-LTSS xen-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 xen-devel-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 xen-libs-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 xen-tools-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 xen-tools-domU-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP5 A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information. CVE-2024-36350 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-devel-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-domU-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-devel-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-domU-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-devel-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-domU-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-devel-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-domU-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502325-1/ https://www.suse.com/security/cve/CVE-2024-36350.html CVE-2024-36350 https://bugzilla.suse.com/1238896 SUSE Bug 1238896 A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries. CVE-2024-36357 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-devel-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-domU-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-devel-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-domU-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-devel-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-domU-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-devel-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-domU-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502325-1/ https://www.suse.com/security/cve/CVE-2024-36357.html CVE-2024-36357 https://bugzilla.suse.com/1238896 SUSE Bug 1238896 Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an executable stub. Some instructions may raise an exception, which is supposed to be handled gracefully. Certain replayed instructions have additional logic to set up and recover the changes to the arithmetic flags. For replayed instructions where the flags recovery logic is used, the metadata for exception handling was incorrect, preventing Xen from handling the the exception gracefully, treating it as fatal instead. CVE-2025-27465 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-devel-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-domU-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-devel-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-domU-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-devel-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-domU-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-devel-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-libs-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-domU-4.17.5_10-150500.3.50.1 SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.5_10-150500.3.50.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-202502325-1/ https://www.suse.com/security/cve/CVE-2025-27465.html CVE-2025-27465 https://bugzilla.suse.com/1244644 SUSE Bug 1244644