x86: Incorrect input sanitisation in Viridian hypercalls
Description
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]
Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause out-of-bounds reads and writes while processing the inputs.
* CVE-2025-58147. Hypercalls using the HV_VP_SET Sparse format can cause vpmask_set() to write out of bounds when converting the bitmap to Xen's format.
* CVE-2025-58148. Hypercalls using any input format can cause send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild vCPU pointer.
Affected products
osv-coords, 20 versions:
- pkg:rpm/opensuse/xen&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 4.18.5_06-150600.3.31.2
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS (no CPE), range: < 4.16.7_04-150400.4.75.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS (no CPE), range: < 4.16.7_04-150400.4.75.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS (no CPE), range: < 4.17.5_12-150500.3.53.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-LTSS (no CPE), range: < 4.17.5_12-150500.3.53.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.3 (no CPE), range: < 4.16.7_04-150400.4.75.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.4 (no CPE), range: < 4.16.7_04-150400.4.75.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Micro%205.5 (no CPE), range: < 4.17.5_12-150500.3.53.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 (no CPE), range: < 4.18.5_06-150600.3.31.2
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (no CPE), range: < 4.20.1_06-150700.3.14.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP6 (no CPE), range: < 4.18.5_06-150600.3.31.2
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Server%20Applications%2015%20SP7 (no CPE), range: < 4.20.1_06-150700.3.14.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS (no CPE), range: < 4.16.7_04-150400.4.75.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP5-LTSS (no CPE), range: < 4.17.5_12-150500.3.53.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS (no CPE), range: < 4.18.5_08-150600.3.34.2
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4 (no CPE), range: < 4.16.7_04-150400.4.75.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5 (no CPE), range: < 4.17.5_12-150500.3.53.1
- pkg:rpm/suse/xen&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP6 (no CPE), range: < 4.18.5_08-150600.3.34.2
- pkg:rpm/suse/xen&distro=SUSE%20Manager%20Proxy%20LTS%204.3 (no CPE), range: < 4.16.7_04-150400.4.75.1
- pkg:rpm/suse/xen&distro=SUSE%20Manager%20Server%20LTS%204.3 (no CPE), range: < 4.16.7_04-150400.4.75.1