File _patchinfo of Package patchinfo.42356

<patchinfo incident="42356">
  <issue tracker="bnc" id="1256745">VUL-0: EMBARGOED: CVE-2025-58150: xen: x86: buffer overrun with shadow paging + tracing (XSA-477)</issue>
  <issue tracker="bnc" id="1254180">[SLES][15-SP7][x86_64][Build41647]  virtxend service restart</issue>
  <issue tracker="bnc" id="1256747">VUL-0: EMBARGOED: CVE-2026-23553: xen: x86: incomplete IBPB for vCPU isolation (XSA-479)</issue>
  <issue tracker="bnc" id="1252692">VUL-0: CVE-2025-58149: xen: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to it (XSA-476)</issue>
  <issue tracker="bnc" id="1248807">VUL-0: CVE-2025-27466,CVE-2025-58142,CVE-2025-58143: xen: Mutiple vulnerabilities in the Viridian interface (XSA-472)</issue>
  <issue tracker="cve" id="2025-58143"/>
  <issue tracker="cve" id="2025-58150"/>
  <issue tracker="cve" id="2025-58142"/>
  <issue tracker="cve" id="2026-23553"/>
  <issue tracker="cve" id="2025-27466"/>
  <issue tracker="cve" id="2025-58149"/>
  <packager>charlesa</packager>
  <rating>moderate</rating>
  <category>security</category>
  <summary>Security update for xen</summary>
  <description>This update for xen fixes the following issues:

Security fixes:
  
- CVE-2025-58150: Fixed buffer overrun with shadow paging and 
  tracing (XSA-477) (bsc#1256745)
- CVE-2026-23553: Fixed incomplete IBPB for vCPU isolation 
  (XSA-479) (bsc#1256747)
- CVE-2025-58149: Fixed incorrect removal od permissions on PCI
  device unplug allow PV guests to access memory of devices no 
  longer assigned to it (XSA-476) (bsc#1252692)
- CVE-2025-27466, CVE-2025-58142, CVE-2025-58143: Fixed multiple
  vulnerabilities in the Viridian interface (XSA-472) (bsc#1248807)

Other fixes:

- Fixed virtxend service restart. Caused by a failure to start 
  xenstored (bsc#1254180)
</description>
<reboot_needed/>
</patchinfo>