CNNVD-202509-1655 Information
CNNVD ID
CNNVD-202509-1655
Related CVE
- CNNVD Published: 2025-09-11
Description (Chinese)
Xen是Xen开源的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。 Xen存在安全漏洞,该漏洞源于处理访客内存页面时存在多个问题,包括更新参考TSC区域时的空指针取消引用、假设SIM页面映射时的空指针取消引用以及映射参考TSC页面时的竞争条件。
Description (English)
Xen is an open-source virtual machine monitor product. The product enables different and incompatible operating systems to operate on the same computer and supports migration during operation to ensure proper operation and avoid loss of power. Xen has a security loophole, which stems from a number of problems in the processing of visitors ’ memory pages, including the cancellation of references to empty fingers when updating the reference to the TSC area, the cancellation of references to empty fingers when assuming the SIM page map and the competitive conditions for mapping references to the TSC page.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Xen
Published
2025-09-11
Last Modified
2026-02-24
References
https://xenbits.xenproject.org/xsa/advisory-472.html https://vigilance.fr/vulnerability/Xen-three-vulnerabilities-via-Viridian-Interface-48172
Patch
https://xenbits.xenproject.org/xsa/advisory-472.html
Share on: