CVE-2025-58143 — Use of NullPointerException Catch to Detect NULL Pointer Dereference in XEN
Severity: 9.8 CRITICAL (NVD)
EPSS: 0.1% (top 84.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products: 1
Timeline: Published Sep 11
Description
[This CNA information record relates to multiple CVEs; the
text explains which aspects/vulnerabilities correspond to which CVE.]
There are multiple issues related to the handling and accessing of guest
memory pages in the viridian code:
1. A NULL pointer dereference in the updating of the reference TSC area.
This is CVE-2025-27466.
2. A NULL pointer dereference by assuming the SIM page is mapped when
a synthetic timer message has to be delivered. This is
CVE-2025-58142.
3. A race in the mapp…
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9
Vulnerability Details (12)
OSV: CVE-2025-27466: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE (2025-09-11)
OSV: CVE-2025-58143: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE (2025-09-11)
GHSA: GHSA-37qm-8w2q-wgx4: [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE (2025-09-11)
Vendor Advisories (3)
Debian: CVE-2025-58143: xen - [This CNA information record relates to multiple CVEs; the text explains which a... (2025)
Debian: CVE-2025-58142: xen - [This CNA information record relates to multiple CVEs; the text explains which a... (2025)
Debian: CVE-2025-27466: xen - [This CNA information record relates to multiple CVEs; the text explains which a... (2025)