Memory Management Vulnerabilities in Xen Hypervisor
CVE-2025-27466 
9.8 CRITICAL
What is CVE-2025-27466?
Multiple vulnerabilities have been identified in the handling and accessing of guest memory pages in the Xen Hypervisor. One notable issue is a NULL pointer dereference that occurs during the update of the reference TSC area. Another arises from incorrectly assuming that a SIM page is mapped when delivering a synthetic timer message. Finally, a race condition in the mapping of the reference TSC page allows a guest to potentially free a page while it is still present in the guest's physical-to-machine (p2m) page tables. These issues could compromise system stability and security.
Affected Version(s)
Xen: consult Xen advisory XSA-472
CVSS V3.1
Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
This issue was discovered by Roger Pau Monné of XenServer.