Critical Vulnerabilities in openSUSE Xen Affecting Multiple Versions

Critical Vulnerabilities in openSUSE Xen Affecting Multiple Versions

First seen 29 Apr 2026, 22:38 UTC Linuxsecurity 97% similarity 57.8

Article Content

Browse articles
ThreatCluster

Recent updates for openSUSE have addressed multiple vulnerabilities in Xen, specifically CVE-2025-54505, CVE-2026-23557, and CVE-2026-23558. CVE-2025-54505 involves floating point divider state sampling on AMD CPUs, with a CVSS score of 6.9. CVE-2026-23557 allows for a denial of service (DoS) via the XS_RESET_WATCHES command, rated at 6.5. CVE-2026-23558 presents a race condition in grant table v2 status page mapping, with a higher severity score of 7.3. Affected systems include openSUSE Leap 15.3 and SUSE Linux Enterprise Micro 5.2. The vulnerabilities were disclosed recently, with CVE-2025-54505 published on April 27, 2026, and a proof of concept available since April 19, 2026. Users are urged to apply the latest patches to mitigate these risks. The vulnerabilities could potentially allow attackers to exploit systems running vulnerable versions of Xen.

Key Points: • Three critical vulnerabilities in Xen affect openSUSE and SUSE Linux systems. • CVE-2025-54505 has a CVSS score of 6.9, while CVE-2026-23558 scores 7.3. • Users are advised to update their systems immediately to mitigate these vulnerabilities.

ThreatCluster AI

Timeline

2026-04-19
First public PoC for CVE-2025-54505 released
2026-04-27
CVE-2025-54505 published
2026-04-28
openSUSE Leap 15.3 advisory published
2026-04-29
openSUSE 15.5 advisory published

Community

Browse all →