CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2025-58142

CVSS 9.8v3.1pub. 2025-09-11upd. 2025-11-04

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142. 3. A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143.

🤖 AI Analysis
How it works

The viridian code in Xen incorrectly assumes that the SIM (Synthetic Interrupt Message) page is always mapped when a synthetic timer message needs to be delivered. If the page is not actually mapped, a NULL pointer dereference occurs. The bug is in the Hyper-V interface handling layer (viridian) and relates to guest memory page management.

Impact

An attacker controlling a guest machine can cause a crash of the Xen hypervisor (host crash), resulting in denial of service for all virtual machines running on that host. Depending on the environment and execution context, further impact on system integrity and confidentiality cannot be excluded (as reflected in the CVSS vector C:H/I:H/A:H).

Mitigation & patch

Apply patches available from the vendor according to references — see advisory XSA-472 at https://xenbits.xenproject.org/xsa/advisory-472.html. As a temporary workaround, disabling viridian support (Hyper-V enlightenments) for guests can be considered if it is not required.

Who is affected

Xen hypervisor — versions indicated in vendor references (advisory XSA-472 available at xenbits.xenproject.org). The issue affects configurations with viridian interface support (Hyper-V enlightenments) enabled for guests.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Xen

    OS
    Xen
    4.13.0 – 4.17.0 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
CWE
References

Related vulnerabilities

CVE-2025-58143CRITICAL9.8PL ✓ten sam produkt

Race condition w Xen viridian — zwolnienie strony obecnej w tablicach p2m

CVE-2025-27466CRITICAL9.8PL ✓ten sam produkt

Błąd NULL pointer dereference w kodzie viridian hiperwizora Xen

CVE-2019-18425CRITICAL9.8ten sam produkt

An issue was discovered in Xen through 4.12.x allowing 32-bit PV guest OS users to gain guest OS privileges by...

CVE-2018-12892CRITICAL9.9ten sam produkt

An issue was discovered in Xen 4.7 through 4.10.x. libxl fails to pass the readonly flag to qemu when setting ...

CVE-2017-15597CRITICAL9.1ten sam produkt

An issue was discovered in Xen through 4.9.x. Grant copying code made an implication that any grant pin would ...