{"id":"MGASA-2025-0270","summary":"Updated xen packages fix security vulnerabilities","details":"Double unlock in x86 guest IRQ handling. (CVE-2024-31143)\nXapi: Metadata injection attack against backup/restore functionality.\n(CVE-2024-31144)\nError handling in x86 IOMMU identity mapping. (CVE-2024-31145)\nPCI device pass-through with shared resources. (CVE-2024-31146)\nx86: Deadlock in vlapic_error(). (CVE-2024-45817)\nDeadlock in x86 HVM standard VGA handling. (CVE-2024-45818)\nlibxl leaks data to PVH guests via ACPI tables. (CVE-2024-45819)\nBackend can crash Linux netfront. (CVE-2024-53240)\nXen hypercall page unsafe against speculative attacks. (CVE-2024-53241)\nDeadlock potential with VT-d and legacy PCI device pass-through.\n(CVE-2025-1713)\nx86: Indirect Target Selection. (CVE-2024-28956)\nx86: Incorrect stubs exception handling for flags recovery.\n(CVE-2025-27465)\nTSA-SQ (TSA in the Store Queues). (CVE-2024-36350)\nTSA-L1 (TSA in the L1 data cache). (CVE-2024-36357)\nA NULL pointer dereference in the updating of the reference TSC area.\n(CVE-2025-27466)\nA NULL pointer dereference by assuming the SIM page is mapped when a\nsynthetic timer message has to be delivered. (CVE-2025-58142)\nA race in the mapping of the reference TSC page, where a guest can get\nXen to free a page while still present in the guest physical to machine\n(p2m) page tables. (CVE-2025-58143)\nAn assertion is wrong there, where the case actually needs handling.  A\nNULL pointer de-reference could result on a release build.\n(CVE-2025-58144)\nThe P2M lock isn't held until a page reference was actually obtained (or\nthe attempt to do so has failed).  Otherwise the page can not only\nchange type, but even ownership in between, thus allowing domain\nboundaries to be violated. (CVE-2025-58145)\nXAPI UTF-8 string handling. (CVE-2025-58146)\nHypercalls using the HV_VP_SET Sparse format can cause vpmask_set() to\nwrite out of bounds when converting the bitmap to Xen's format.\n(CVE-2025-58147)\nHypercalls using any input format can cause send_ipi() to read d-\u003evcpu[]\nout-of-bounds, and operate on a wild vCPU pointer.(CVE-2025-58148)\nIncorrect removal of permissions on PCI device unplug. (CVE-2025-58149)\n","modified":"2026-03-25T17:59:17.617371Z","published":"2025-11-09T07:52:10Z","related":["CVE-2024-28956","CVE-2024-31143","CVE-2024-31144","CVE-2024-31145","CVE-2024-31146","CVE-2024-36350","CVE-2024-36357","CVE-2024-45817","CVE-2024-45818","CVE-2024-45819","CVE-2024-53240","CVE-2024-53241","CVE-2025-1713","CVE-2025-27462","CVE-2025-27463","CVE-2025-27464","CVE-2025-27465","CVE-2025-27466","CVE-2025-58142","CVE-2025-58143","CVE-2025-58144","CVE-2025-58145","CVE-2025-58146","CVE-2025-58147","CVE-2025-58148","CVE-2025-58149"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2025-0270.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=33401"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2024/07/16/3"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2024/07/16/4"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2024/08/14/2"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2024/08/14/3"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2024/09/24/1"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2024/11/12/2"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2024/11/12/1"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2024/12/17/1"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2024/12/17/2"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/02/27/1"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/05/12/4"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/05/12/5"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/KEACKX57LEHS2YKZ4PO5DYNOQRGQSDO2/"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/05/27/1"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/07/01/1"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/07/08/2"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/08/28/2"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/09/09/1"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/09/09/2"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/09/09/3"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/10/21/1"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/10/24/1"},{"type":"REPORT","url":"https://www.openwall.com/lists/oss-security/2025/11/05/4"}],"affected":[{"package":{"name":"xen","ecosystem":"Mageia:9","purl":"pkg:rpm/mageia/xen?arch=source&distro=mageia-9"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.17.5-1.git20251028.1.mga9"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2025-0270.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}