CVE-2025-58143

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2025-58143

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-58143.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2025-58143

Downstream

ALPINE-CVE-2025-58143

DEBIAN-CVE-2025-58143

SUSE-SU-2025:3797-1

SUSE-SU-2025:3798-1

UBUNTU-CVE-2025-58143

Related

Published

2025-09-11T14:15:42Z

Modified

2025-09-24T13:59:09Z

Summary

[none]

Details

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]

There are multiple issues related to the handling and accessing of guest memory pages in the viridian code:

A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466.
A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. This is CVE-2025-58142.
A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. This is CVE-2025-58143.

References

https://xenbits.xenproject.org/xsa/advisory-472.html

Affected packages