xen (SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server LTSS Extended Security 12 SP5 package xen, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (8)
CVE-2025-58150 — CVSS 8.8 (high): Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with…
CVE-2025-1713 — CVSS 7.5 (high): When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required…
CVE-2025-58149 — CVSS 7.5 (high): When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have…
CVE-2024-45818 — CVSS 6.5 (medium): The hypervisor contains code to accelerate VGA memory accesses for HVM guests, when the (virtual) VGA is in "standard" mode. Locking…
CVE-2024-28956 — CVSS 5.6 (medium): Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow…
CVE-2024-45819 — CVSS 5.5 (medium): PVH guests have their ACPI tables constructed by the toolstack. The construction involves building the tables in local memory, which are…
CVE-2025-27465 — CVSS 4.3 (medium): Certain instructions need intercepting and emulating by Xen. In some cases Xen emulates the instruction by replaying it, using an…
CVE-2026-23553 — CVSS 2.9 (low): In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run…