CVE-2025-27466

A NULL pointer dereference vulnerability exists in Xen’s viridian implementation when updating the reference TSC area. A malicious x86 HVM guest with the referencetsc viridian extension enabled could trigger this flaw, resulting in a host denial of service crash. Mitigation Disabling the...

CVE-2025-58142

A NULL pointer dereference vulnerability exists in Xen’s viridian implementation by assuming the synthetic interrupt message SIM page is mapped when delivering a synthetic timer message. A malicious x86 HVM guest with the stimer viridian extension enabled could trigger this flaw, leading to a hos...

CVE-2025-58143 Mutiple vulnerabilities in the Viridian interface

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. There are multiple issues related to the handling and accessing of guest memory pages in the viridian code: 1. A NULL pointer dereference in the updating of the reference...

CVE-2025-58143

CVE-2025-58143 is part of multiple viridian-related issues in Xen. The available details describe a race condition in the mapping of the reference TSC page: a guest can trigger Xen to free a page that still remains in the guest physical to machine (p2m) page tables. This is categorized under a se...