xen (SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS package xen, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (24)
CVE-2025-27466 — CVSS 9.8 (critical): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…
CVE-2025-58142 — CVSS 9.8 (critical): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…
CVE-2025-58143 — CVSS 9.8 (critical): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are…
CVE-2026-42488 — CVSS 8.1 (high): Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch…
CVE-2026-42487 — CVSS 7.9 (high): HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model (via…
CVE-2025-58147 — CVSS 7.5 (high): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some…
CVE-2025-1713 — CVSS 7.5 (high): When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required…
CVE-2024-31143 — CVSS 7.5 (high): An optional feature of PCI MSI called "Multiple Message" allows a device to use multiple consecutive interrupt vectors. Unlike for MSI-X…
CVE-2024-31145 — CVSS 7.5 (high): Certain PCI devices in a system might be assigned Reserved Memory Regions (specified via Reserved Memory Region Reporting, "RMRR") for…
CVE-2024-31146 — CVSS 7.5 (high): When multiple devices share resources and one of them is to be passed through to a guest, security of the entire system and of respective…
CVE-2025-58148 — CVSS 7.5 (high): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some…
CVE-2024-45817 — CVSS 7.3 (high): In x86's APIC (Advanced Programmable Interrupt Controller) architecture, error conditions are reported in a status register. Furthermore…
CVE-2025-54518 — CVSS 7.0 (high): Improper isolation of shared resources within the CPU operation cache on Zen 2-based products could allow an attacker to corrupt…
CVE-2026-42490 — CVSS 6.5 (medium): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create…
CVE-2024-45818 — CVSS 6.5 (medium): The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking…
CVE-2024-28956 — CVSS 5.6 (medium): Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow…
CVE-2024-36357 — CVSS 5.6 (medium): A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in…
CVE-2024-36350 — CVSS 5.6 (medium): A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting…
CVE-2024-53241 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: x86/xen: don't do PV iret hypercall through hypercall page Instead of…
CVE-2024-45819 — CVSS 5.5 (medium): PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are…
CVE-2023-46839 — CVSS 5.3 (medium): PCI devices can make use of a functionality called phantom functions, that when enabled allows the device to generate requests using the…
CVE-2026-42489 — CVSS 5.3 (medium): [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create…
CVE-2024-2201 — CVSS 4.7 (medium): A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak…
CVE-2025-27465 — CVSS 4.3 (medium): Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an…