Memory Management Vulnerabilities in Xen Hypervisor
CVE-2025-27466

9.8 CRITICAL

Key Information:

Vendor
CVE Published: 11 September 2025

What is CVE-2025-27466?

Multiple vulnerabilities have been identified in how the Xen Hypervisor handles and accesses guest memory pages. One is a NULL pointer dereference that occurs during the update of the reference TSC area. Another arises from incorrectly assuming that a SIM page is mapped when delivering a synthetic timer message. A third is a race condition in the mapping of the reference TSC page, which allows a guest to potentially free a page while it is still present in the guest's physical-to-machine (p2m) page tables. These issues could compromise system stability and security.

Affected Version(s)

Xen: consult Xen advisory XSA-472

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

This issue was discovered by Roger Pau Monné of XenServer.