SUSE: Critical Update for Xen Addressing Information Leak Issue 2026:0012-1

suse

January 5, 2026

An update that solves six vulnerabilities can now be installed.

Summary

## This update for xen fixes the following issues: Security issues fixed: * CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area (bsc#1248807). * CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapped when a synthetic timer message has to be delivered (bsc#1248807). * CVE-2025-58143: information leak and reference counter underflow in the Viridian interface due to race in the mapping of the reference TSC page (bsc#1248807). * CVE-2025-58147: incorrect input sanitisation in Viridian hypercalls using the HV_VP_SET Sparse format can lead to out-of-bounds write through `vpmask_set()` (bsc#1251271). * CVE-2025-58148: incorrect input sanitisation in Viridian hypercalls using

Topics Covered

security advisory information leak SuSE DoS important xen

References

* bsc#1027519

* bsc#1248807

* bsc#1251271

* bsc#1252692

* bsc#1254180

Cross-

* CVE-2025-27466

* CVE-2025-58142

* CVE-2025-58143

* CVE-2025-58147

* CVE-2025-58148

* CVE-2025-58149

CVSS scores:

* CVE-2025-27466 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

* CVE-2025-27466 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-58142 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

* CVE-2025-58142 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-58143 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-58143 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2025-58147 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2026:0012-1

Release Date: 2026-01-05T10:31:33Z

Rating: important

Topics Covered

security advisory information leak SuSE DoS important xen

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

SUSE: Critical Update for Xen Addressing Information Leak Issue 2026:0012-1

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

SUSE: Critical Update for Xen Addressing Information Leak Issue 2026:0012-1

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!