SUSE-SU-2025:03172-1

Advisory lineage Upstream: 3 Downstream: 0
Published: 11 Sept 2025, 12:54
Last modified: 23 Mar 2026, 04:49

Vulnerability Summary

Overall Risk (default): minimal (0/100)
CVSS Score: No data
EPSS Score: No data
KEV: Not listed
Ransomware: No reports
Public exploits: None found
Dark Web: Not detected

Timeline

11 Sept 2025, 12:54: Published (vulnerability first disclosed)
23 Mar 2026, 04:49: Last Modified (vulnerability information updated)

Description

Security update for xen

This update for xen fixes the following issues:

Security issues fixed:

- CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area (bsc#1248807).
- CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapped when a synthetic timer message has to be delivered (bsc#1248807).
- CVE-2025-58143: information leak and reference counter underflow in the Viridian interface due to race in the mapping of the reference TSC page (bsc#1248807).

Other issues fixed:

- efi: Call FreePages() only if needed (bsc#1027519).
- x86/hpet: do local APIC EOI after interrupt processing (bsc#1027519).
- x86/hvm/ioreq: Fix condition in hvm_alloc_legacy_ioreq_gfn() (bsc#1027519).
- x86/idle: Fix the C6 eoi_errata[] list to include NEHALEM_EX (bsc#1027519).
- x86/iommu: setup MMCFG ahead of IOMMU (bsc#1027519).
- x86/mce: Adjustments to intel_init_ppin() (bsc#1027519).
- x86/mkelf32: pad load segment to 2Mb boundary (bsc#1027519).

Affected Systems

  • susexen&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7

    < 4.20.1_04-150700.3.11.1

  • susexen&distro=SUSE Linux Enterprise Module for Server Applications 15 SP7

    < 4.20.1_04-150700.3.11.1
