Xen
cpe:2.3:a:xen:xen:*:*:*:*:*:*:*, +2 more
- >= 4.13, < 4.17
A race condition vulnerability has been identified in the handling of guest memory pages within the Viridian interface of the Xen hypervisor. This vulnerability allows a guest to manipulate the mapping of the reference Time Stamp Counter (TSC) page, potentially leading to a denial-of-service condition for the entire host. It affects Xen versions 4.13 and newer, specifically x86 HVM guests with the reference_tsc or stimer Viridian extensions enabled.
Exploitation of this vulnerability can cause a denial-of-service condition affecting the entire host, with potential information leaks or unauthorized privilege escalation.
To address this vulnerability, apply the patches available in the Xen Security Advisory XSA-472. Instructions for applying these patches can be found in the advisory.