Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

SUSE Linux 12 SP5 Moderate Xen Buffer Overrun 2026-0328-1

suse
Calendar Grey January 28, 2026
Dist Suse Esm H88
SUSE security update addresses three issues in Xen, with moderate severity including buffer overrun and vCPU isolation.
An update that solves three vulnerabilities can now be installed.

Summary

## This update for xen fixes the following issues: Security fixes: * CVE-2025-58150: Fixed buffer overrun with shadow paging and tracing (XSA-477) (bsc#1256745) * CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation (XSA-479) (bsc#1256747) * CVE-2025-58149: Fixed incorrect removal od permissions on PCI device unplug allow PV guests to access memory of devices no longer assigned to it (XSA-476) (bsc#1252692)

References

* bsc#1252692

* bsc#1256745

* bsc#1256747

Cross-

* CVE-2025-58149

* CVE-2025-58150

* CVE-2026-23553

CVSS scores:

* CVE-2025-58149 ( SUSE ): 4.3

CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N

* CVE-2025-58149 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

* CVE-2025-58149 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

* CVE-2025-58150 ( SUSE ): 4.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

* CVE-2025-58150 ( SUSE ): 5.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

* CVE-2025-58150 ( NVD ): 8.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

* CVE-2026-23553 ( SUSE ): 6.8

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Announcement ID: SUSE-SU-2026:0328-1
Release Date: 2026-01-28T15:39:28Z
Rating: moderate

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here