CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-58145 – Arm issues with page refcounting
https://notcve.org/view.php?id=CVE-2025-58145
11 Sep 2025 — [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. This is CVE-2025-58144. And then the P2M lock isn't held until a page reference was actually obtained (or the attempt to do so has failed). • https://xenbits.xenproject.org/xsa/advisory-473.html • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-58144 – Arm issues with page refcounting
https://notcve.org/view.php?id=CVE-2025-58144
11 Sep 2025 — [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. This is CVE-2025-58144. And then the P2M lock isn't held until a page reference was actually obtained (or the attempt to do so has failed). • https://xenbits.xenproject.org/xsa/advisory-473.html • CWE-476: NULL Pointer Dereference •
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-58143 – Multiple vulnerabilities in the Viridian interface
https://notcve.org/view.php?id=CVE-2025-58143
11 Sep 2025 — [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. • https://xenbits.xenproject.org/xsa/advisory-472.html • CWE-366: Race Condition within a Thread •
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-58142 – Multiple vulnerabilities in the Viridian interface
https://notcve.org/view.php?id=CVE-2025-58142
11 Sep 2025 — [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. • https://xenbits.xenproject.org/xsa/advisory-472.html • CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference •
CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2025-27466 – Multiple vulnerabilities in the Viridian interface
https://notcve.org/view.php?id=CVE-2025-27466
11 Sep 2025 — [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference TSC area. This is CVE-2025-27466. 2. A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. • https://xenbits.xenproject.org/xsa/advisory-472.html • CWE-395: Use of NullPointerException Catch to Detect NULL Pointer Dereference •
CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2023-46837 – arm32: The cache may not be properly cleaned/invalidated (take two)
https://notcve.org/view.php?id=CVE-2023-46837
05 Jan 2024 — Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then result in the cache cleaning/invalidation being skipped. Therefore there is no guarantee when all the writes will reach the memory. This undefined behavior was meant to be addressed by XSA-4... • https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JFVKWYQFRUU3CAS53THTUKXEOUDWI42G • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 3.3 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2023-34321 – arm32: The cache may not be properly cleaned/invalidated
https://notcve.org/view.php?id=CVE-2023-34321
05 Jan 2024 — Arm provides multiple helpers to clean & invalidate the cache for a given region. This is, for instance, used when allocating guest memory to ensure any writes (such as the ones during scrubbing) have reached memory before handing over the page to a guest. Unfortunately, the arithmetic in the helpers can overflow, which would then result in the cache cleaning/invalidation being skipped. Therefore there is no guarantee when all the writes will reach the memory. • https://xenbits.xenproject.org/xsa/advisory-437.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.0 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2023-34323 – xenstored: A transaction conflict can crash C Xenstored
https://notcve.org/view.php?id=CVE-2023-34323
12 Oct 2023 — When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C Xenstored are assuming that the quota cannot be negative and are using assert() to confirm it. This will lead to a C Xenstored crash when tools are built without -DNDEBUG (this is the default). • https://xenbits.xenproject.org/xsa/advisory-440.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2023-34327 – x86/AMD: Debug Mask handling
https://notcve.org/view.php?id=CVE-2023-34327
12 Oct 2023 — [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over... • https://xenbits.xenproject.org/xsa/advisory-444.html •
CVSS: 5.5 • EPSS: 0% • CPEs: 1 • EXPL: 0 • CVE-2023-34328 – x86/AMD: Debug Mask handling
https://notcve.org/view.php?id=CVE-2023-34328
12 Oct 2023 — [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] AMD CPUs since ~2014 have extensions to normal x86 debugging functionality. Xen supports guests using these extensions. Unfortunately there are errors in Xen's handling of the guest state, leading to denials of service. 1) CVE-2023-34327 - An HVM vCPU can end up operating in the context of a previous vCPU's debug mask state. 2) CVE-2023-34328 - A PV vCPU can place a breakpoint over... • https://xenbits.xenproject.org/xsa/advisory-444.html •
