Critical Vulnerabilities in openSUSE Xen Affecting Multiple Versions

Severity: Medium (Score: 57.8)

Sources: Linuxsecurity

Summary

Recent updates for openSUSE have addressed multiple vulnerabilities in Xen, specifically CVE-2025-54505, CVE-2026-23557, and CVE-2026-23558. CVE-2025-54505 involves floating point divider state sampling on AMD CPUs, with a CVSS score of 6.9. CVE-2026-23557 allows for a denial of service (DoS) via the XS_RESET_WATCHES command, rated at 6.5. CVE-2026-23558 presents a race condition in grant table v2 status page mapping, with a higher severity score of 7.3. Affected systems include openSUSE Leap 15.3 and SUSE Linux Enterprise Micro 5.2. The vulnerabilities were disclosed recently, with CVE-2025-54505 published on April 27, 2026, and a proof of concept available since April 19, 2026. Users are urged to apply the latest patches to mitigate these risks. The vulnerabilities could potentially allow attackers to exploit systems running vulnerable versions of Xen.

Key Points:

  • Three critical vulnerabilities in Xen affect openSUSE and SUSE Linux systems.
  • CVE-2025-54505 has a CVSS score of 6.9, while CVE-2026-23558 scores 7.3.
  • Users are advised to update their systems immediately to mitigate these vulnerabilities.

Key Entities

  • DDoS (attack_type)
  • CVE-2025-54505 (cve)
  • CVE-2026-23557 (cve)
  • CVE-2026-23558 (cve)
  • CWE-362 - Race Condition (cwe)
  • openSUSE (company)
  • openSUSE Leap 15.3 (platform)
  • SUSE Linux Enterprise Micro (platform)
  • SUSE Linux Enterprise Micro For Rancher 5.2 (platform)
  • Xen (platform)