VDB

GCVE-110-MAGEIA-2025-270

GCVE-110-MAGEIA-2025-270
Advisory Published
Vulnetix · Advisory published November 9, 2025
Double unlock in x86 guest IRQ handling. (CVE-2024-31143) Xapi: Metadata injection attack against backup/restore functionality. (CVE-2024-31144) Error handling in x86 IOMMU identity mapping. (CVE-2024-31145) PCI device pass-through with shared resources. (CVE-2024-31146) x86: Deadlock in vlapic_error(). (CVE-2024-45817) Deadlock in x86 HVM standard VGA handling. (CVE-2024-45818) libxl leaks data to PVH guests via ACPI tables. (CVE-2024-45819) Backend can crash Linux netfront. (CVE-2024-53240) Xen hypercall page unsafe against speculative attacks. (CVE-2024-53241) Deadlock potential with VT-d and legacy PCI device pass-through. (CVE-2025-1713) x86: Indirect Target Selection. (CVE-2024-28956) x86: Incorrect stubs exception handling for flags recovery. (CVE-2025-27465) TSA-SQ (TSA in the Store Queues). (CVE-2024-36350) TSA-L1 (TSA in the L1 data cache). (CVE-2024-36357) A NULL pointer dereference in the updating of the reference TSC area. (CVE-2025-27466) A NULL pointer dereference by assuming the SIM page is mapped when a synthetic timer message has to be delivered. (CVE-2025-58142) A race in the mapping of the reference TSC page, where a guest can get Xen to free a page while still present in the guest physical to machine (p2m) page tables. (CVE-2025-58143) An assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. (CVE-2025-58144) The P2M lock isn't held until a page reference was actually obtained (or the attempt to do so has failed). Otherwise the page can not only change type, but even ownership in between, thus allowing domain boundaries to be violated. (CVE-2025-58145) XAPI UTF-8 string handling. (CVE-2025-58146) Hypercalls using the HV_VP_SET Sparse format can cause vpmask_set() to write out of bounds when converting the bitmap to Xen's format. (CVE-2025-58147) Hypercalls using any input format can cause send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild vCPU pointer.(CVE-2025-58148) Incorrect removal of permissions on PCI device unplug. (CVE-2025-58149)

Affected Products

VendorProductVersionsPlatforms
Mageiaxen0 (affected), 4.17.5-1.git20251028.1.mga9 (unaffected)

Browse GCVE Records

72,148 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›