This update for xen fixes the following issues:
Security issues fixed:
- CVE-2025-27466: NULL pointer dereference in the Viridian interface when updating the reference TSC area (bsc#1248807).
- CVE-2025-58142: NULL pointer dereference in the Viridian interface due to assumption that the SIM page is mapped when
a synthetic timer message has to be delivered (bsc#1248807).
- CVE-2025-58143: information leak and reference counter underflow in the Viridian interface due to race in the mapping
of the reference TSC page (bsc#1248807).
- CVE-2025-58147: incorrect input sanitisation in Viridian hypercalls using the HV_VP_SET Sparse format can lead to
out-of-bounds write through
vpmask_set() (bsc#1251271).
- CVE-2025-58148: incorrect input sanitisation in Viridian hypercalls using any input format can lead to out-of-bounds
read through
send_ipi() (bsc#1251271).
- CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no
longer assigned to them (bsc#1252692).
Other issues fixed:
- Several upstream bug fixes (bsc#1027519).
- Failure to restart xenstored (bsc#1254180).