Security update for xen SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2025:3798-1 Final 1 1 2025-10-27T07:58:15Z current 2025-10-27T07:58:15Z 2025-10-27T07:58:15Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for xen This update for xen fixes the following issues: - CVE-2025-58147, CVE-2025-58148: Fixed incorrect input sanitisation in Viridian hypercalls (bsc#1251271, XSA-475) - CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed mutiple vulnerabilities in the Viridian interface (bsc#1248807, XSA-472) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2025-3798,SUSE-SLE-Module-Basesystem-15-SP6-2025-3798,SUSE-SLE-Module-Server-Applications-15-SP6-2025-3798,openSUSE-SLE-15.6-2025-3798 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2025/suse-su-20253798-1/ Link for SUSE-SU-2025:3798-1 https://lists.suse.com/pipermail/sle-security-updates/2025-October/023031.html E-Mail link for SUSE-SU-2025:3798-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1027519 SUSE Bug 1027519 https://bugzilla.suse.com/1248807 SUSE Bug 1248807 https://bugzilla.suse.com/1251271 SUSE Bug 1251271 https://www.suse.com/security/cve/CVE-2025-27466/ SUSE CVE CVE-2025-27466 page https://www.suse.com/security/cve/CVE-2025-58142/ SUSE CVE CVE-2025-58142 page https://www.suse.com/security/cve/CVE-2025-58143/ SUSE CVE CVE-2025-58143 page https://www.suse.com/security/cve/CVE-2025-58147/ SUSE CVE CVE-2025-58147 page https://www.suse.com/security/cve/CVE-2025-58148/ SUSE CVE CVE-2025-58148 page SUSE Linux Enterprise Module for Basesystem 15 SP6 SUSE Linux Enterprise Module for Server Applications 15 SP6 openSUSE Leap 15.6 xen-4.18.5_06-150600.3.31.2 xen-devel-4.18.5_06-150600.3.31.2 xen-doc-html-4.18.5_06-150600.3.31.2 xen-libs-4.18.5_06-150600.3.31.2 xen-libs-32bit-4.18.5_06-150600.3.31.2 xen-libs-64bit-4.18.5_06-150600.3.31.2 xen-tools-4.18.5_06-150600.3.31.2 xen-tools-domU-4.18.5_06-150600.3.31.2 xen-tools-xendomains-wait-disk-4.18.5_06-150600.3.31.2 xen-libs-4.18.5_06-150600.3.31.2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 xen-tools-domU-4.18.5_06-150600.3.31.2 as a component of SUSE Linux Enterprise Module for Basesystem 15 SP6 xen-4.18.5_06-150600.3.31.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 xen-devel-4.18.5_06-150600.3.31.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 xen-tools-4.18.5_06-150600.3.31.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 xen-tools-xendomains-wait-disk-4.18.5_06-150600.3.31.2 as a component of SUSE Linux Enterprise Module for Server Applications 15 SP6 xen-4.18.5_06-150600.3.31.2 as a component of openSUSE Leap 15.6 xen-devel-4.18.5_06-150600.3.31.2 as a component of openSUSE Leap 15.6 xen-doc-html-4.18.5_06-150600.3.31.2 as a component of openSUSE Leap 15.6 xen-libs-4.18.5_06-150600.3.31.2 as a component of openSUSE Leap 15.6 xen-libs-32bit-4.18.5_06-150600.3.31.2 as a component of openSUSE Leap 15.6 xen-tools-4.18.5_06-150600.3.31.2 as a component of openSUSE Leap 15.6 xen-tools-domU-4.18.5_06-150600.3.31.2 as a component of openSUSE Leap 15.6 xen-tools-xendomains-wait-disk-4.18.5_06-150600.3.31.2 as a component of openSUSE Leap 15.6 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142. 3. A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143. CVE-2025-27466 SUSE Linux Enterprise Module for Basesystem 15 SP6:xen-libs-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Basesystem 15 SP6:xen-tools-domU-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-devel-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-tools-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-tools-xendomains-wait-disk-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-devel-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-doc-html-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-libs-32bit-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-libs-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-domU-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-xendomains-wait-disk-4.18.5_06-150600.3.31.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253798-1/ https://www.suse.com/security/cve/CVE-2025-27466.html CVE-2025-27466 https://bugzilla.suse.com/1248807 SUSE Bug 1248807 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142. 3. A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143. CVE-2025-58142 SUSE Linux Enterprise Module for Basesystem 15 SP6:xen-libs-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Basesystem 15 SP6:xen-tools-domU-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-devel-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-tools-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-tools-xendomains-wait-disk-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-devel-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-doc-html-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-libs-32bit-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-libs-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-domU-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-xendomains-wait-disk-4.18.5_06-150600.3.31.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253798-1/ https://www.suse.com/security/cve/CVE-2025-58142.html CVE-2025-58142 https://bugzilla.suse.com/1248807 SUSE Bug 1248807 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142. 3. A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143. CVE-2025-58143 SUSE Linux Enterprise Module for Basesystem 15 SP6:xen-libs-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Basesystem 15 SP6:xen-tools-domU-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-devel-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-tools-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-tools-xendomains-wait-disk-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-devel-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-doc-html-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-libs-32bit-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-libs-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-domU-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-xendomains-wait-disk-4.18.5_06-150600.3.31.2 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253798-1/ https://www.suse.com/security/cve/CVE-2025-58143.html CVE-2025-58143 https://bugzilla.suse.com/1248807 SUSE Bug 1248807 unknown CVE-2025-58147 SUSE Linux Enterprise Module for Basesystem 15 SP6:xen-libs-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Basesystem 15 SP6:xen-tools-domU-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-devel-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-tools-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-tools-xendomains-wait-disk-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-devel-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-doc-html-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-libs-32bit-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-libs-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-domU-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-xendomains-wait-disk-4.18.5_06-150600.3.31.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253798-1/ https://www.suse.com/security/cve/CVE-2025-58147.html CVE-2025-58147 https://bugzilla.suse.com/1251271 SUSE Bug 1251271 unknown CVE-2025-58148 SUSE Linux Enterprise Module for Basesystem 15 SP6:xen-libs-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Basesystem 15 SP6:xen-tools-domU-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-devel-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-tools-4.18.5_06-150600.3.31.2 SUSE Linux Enterprise Module for Server Applications 15 SP6:xen-tools-xendomains-wait-disk-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-devel-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-doc-html-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-libs-32bit-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-libs-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-domU-4.18.5_06-150600.3.31.2 openSUSE Leap 15.6:xen-tools-xendomains-wait-disk-4.18.5_06-150600.3.31.2 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2025/suse-su-20253798-1/ https://www.suse.com/security/cve/CVE-2025-58148.html CVE-2025-58148 https://bugzilla.suse.com/1251271 SUSE Bug 1251271