{"affected":[{"ecosystem_specific":{"binaries":[{"xen-libs":"4.17.6_02-150500.3.56.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Micro 5.5","name":"xen","purl":"pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.5"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"4.17.6_02-150500.3.56.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for xen fixes the following issues:\n\nUpdate to Xen 4.17.6.\n\nSecurity issues fixed:\n\n- CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no\n  longer assigned to them (bsc#1252692).\n\nOther issues fixed:\n\n- Several upstream bug fixes (bsc#1027519).\n- Failure to restart xenstored (bsc#1254180).\n","id":"SUSE-SU-2025:4490-1","modified":"2025-12-19T11:17:12Z","published":"2025-12-19T11:17:12Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-20254490-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1027519"},{"type":"REPORT","url":"https://bugzilla.suse.com/1252692"},{"type":"REPORT","url":"https://bugzilla.suse.com/1254180"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-58149"}],"related":["CVE-2025-58149"],"summary":"Security update for xen","upstream":["CVE-2025-58149"]}