SUSE-SU-2026:1092-1
Vulnerability from csaf_suse - Published: 2026-03-26 17:51 - Updated: 2026-03-26 17:51Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
- CVE-2026-23554: xen: Use after free of paging structures in EPT (bsc#1259247, XSA-480)
Patchnames: SUSE-2026-1092,SUSE-SLE-Micro-5.5-2026-1092,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1092,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1092,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1092,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1092
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Vendor Fix
To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
References
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\n- CVE-2026-23554: xen: Use after free of paging structures in EPT (bsc#1259247, XSA-480)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2026-1092,SUSE-SLE-Micro-5.5-2026-1092,SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1092,SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1092,SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1092,SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1092",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2026_1092-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2026:1092-1",
"url": "https://www.suse.com/support/update/announcement/2026/suse-su-20261092-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2026:1092-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-March/024965.html"
},
{
"category": "self",
"summary": "SUSE Bug 1259247",
"url": "https://bugzilla.suse.com/1259247"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2026-23554 page",
"url": "https://www.suse.com/security/cve/CVE-2026-23554/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2026-03-26T17:51:51Z",
"generator": {
"date": "2026-03-26T17:51:51Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2026:1092-1",
"initial_release_date": "2026-03-26T17:51:51Z",
"revision_history": [
{
"date": "2026-03-26T17:51:51Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.17.6_06-150500.3.62.2.aarch64",
"product": {
"name": "xen-4.17.6_06-150500.3.62.2.aarch64",
"product_id": "xen-4.17.6_06-150500.3.62.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.17.6_06-150500.3.62.2.aarch64",
"product": {
"name": "xen-devel-4.17.6_06-150500.3.62.2.aarch64",
"product_id": "xen-devel-4.17.6_06-150500.3.62.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.17.6_06-150500.3.62.2.aarch64",
"product": {
"name": "xen-doc-html-4.17.6_06-150500.3.62.2.aarch64",
"product_id": "xen-doc-html-4.17.6_06-150500.3.62.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.17.6_06-150500.3.62.2.aarch64",
"product": {
"name": "xen-libs-4.17.6_06-150500.3.62.2.aarch64",
"product_id": "xen-libs-4.17.6_06-150500.3.62.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.17.6_06-150500.3.62.2.aarch64",
"product": {
"name": "xen-tools-4.17.6_06-150500.3.62.2.aarch64",
"product_id": "xen-tools-4.17.6_06-150500.3.62.2.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.17.6_06-150500.3.62.2.aarch64",
"product": {
"name": "xen-tools-domU-4.17.6_06-150500.3.62.2.aarch64",
"product_id": "xen-tools-domU-4.17.6_06-150500.3.62.2.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.17.6_06-150500.3.62.2.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.17.6_06-150500.3.62.2.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.17.6_06-150500.3.62.2.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.17.6_06-150500.3.62.2.i586",
"product": {
"name": "xen-devel-4.17.6_06-150500.3.62.2.i586",
"product_id": "xen-devel-4.17.6_06-150500.3.62.2.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.17.6_06-150500.3.62.2.i586",
"product": {
"name": "xen-libs-4.17.6_06-150500.3.62.2.i586",
"product_id": "xen-libs-4.17.6_06-150500.3.62.2.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.17.6_06-150500.3.62.2.i586",
"product": {
"name": "xen-tools-domU-4.17.6_06-150500.3.62.2.i586",
"product_id": "xen-tools-domU-4.17.6_06-150500.3.62.2.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"product": {
"name": "xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"product_id": "xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.17.6_06-150500.3.62.2.x86_64",
"product": {
"name": "xen-4.17.6_06-150500.3.62.2.x86_64",
"product_id": "xen-4.17.6_06-150500.3.62.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"product": {
"name": "xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"product_id": "xen-devel-4.17.6_06-150500.3.62.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.17.6_06-150500.3.62.2.x86_64",
"product": {
"name": "xen-doc-html-4.17.6_06-150500.3.62.2.x86_64",
"product_id": "xen-doc-html-4.17.6_06-150500.3.62.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"product": {
"name": "xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"product_id": "xen-libs-4.17.6_06-150500.3.62.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.17.6_06-150500.3.62.2.x86_64",
"product": {
"name": "xen-libs-32bit-4.17.6_06-150500.3.62.2.x86_64",
"product_id": "xen-libs-32bit-4.17.6_06-150500.3.62.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"product": {
"name": "xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"product_id": "xen-tools-4.17.6_06-150500.3.62.2.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"product": {
"name": "xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"product_id": "xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.5",
"product": {
"name": "SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-micro:5.5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
"product_id": "SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-devel-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-libs-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-devel-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-libs-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch as component of SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:xen-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:xen-devel-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:xen-libs-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch as component of SUSE Linux Enterprise Server 15 SP5-LTSS",
"product_id": "SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15 SP5-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-devel-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-libs-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64"
},
"product_reference": "xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch as component of SUSE Linux Enterprise Server for SAP Applications 15 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch"
},
"product_reference": "xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2026-23554",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2026-23554"
}
],
"notes": [
{
"category": "general",
"text": "The Intel EPT paging code uses an optimization to defer flushing of any cached\nEPT state until the p2m lock is dropped, so that multiple modifications done\nunder the same locked region only issue a single flush.\n\nFreeing of paging structures however is not deferred until the flushing is\ndone, and can result in freed pages transiently being present in cached state.\nSuch stale entries can point to memory ranges not owned by the guest, thus\nallowing access to unintended memory regions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2026-23554",
"url": "https://www.suse.com/security/cve/CVE-2026-23554"
},
{
"category": "external",
"summary": "SUSE Bug 1259247 for CVE-2026-23554",
"url": "https://bugzilla.suse.com/1259247"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"SUSE Linux Enterprise Micro 5.5:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server 15 SP5-LTSS:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-devel-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-libs-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-domU-4.17.6_06-150500.3.62.2.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15 SP5:xen-tools-xendomains-wait-disk-4.17.6_06-150500.3.62.2.noarch"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-03-26T17:51:51Z",
"details": "important"
}
],
"title": "CVE-2026-23554"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…