Key Information

Vulnerability Details
Advisory: XSA-475
CVE IDs: CVE-2025-58147, CVE-2025-58148
Title: x86: Incorrect input sanitisation in Viridian hypercalls
Public Release Date: 2025-10-21 11:59
Version: 2

Vulnerability Description
Issue: Some Viridian hypercalls can specify a mask of vCPU IDs as an input, with boundary checking bugs leading to out-of-bounds reads and writes.
Impacts:
- CVE-2025-58147: Hypercalls with the HV_VP_SET Sparse format cause out-of-bounds writes.
- CVE-2025-58148: Any input format can lead to out-of-bounds reads and writes on wild vCPU pointers.

Impact
Impact: A buggy or malicious guest can cause Denial of Service (DoS), information leaks, or privilege escalation affecting the entire host.

Affected Systems
Affected Versions: Xen versions 4.15 and newer.
Safe Versions: Versions 4.14 and older.
Affected Guests: Only x86 HVM guests with Viridian enabled are vulnerable.

Mitigation
Mitigation: Not enabling Viridian will avoid the issue.

Resolution
Resolution: Applying the appropriate set of attached patches resolves the issue.

Patches
Patches: xsa475-?.patch
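To check exposure against the "Affected Guests" and "Mitigation" entries above, the following Python audits xl guest configuration text and reports HVM guests that have Viridian enabled. It is an added example, not part of the advisory or the Xen project's code; it assumes guests are defined in xl.cfg-style files (`type`/`builder` selecting HVM, `viridian` given as a boolean or a list of groups), and the sample configurations and function names are constructed for illustration.

```python
import re

# Constructed sample xl guest configs (illustrative, not from the advisory).
SAMPLES = {
    "win2022.cfg": 'type = "hvm"\nname = "win2022"\nviridian = 1\n',
    "win10.cfg": 'builder = "hvm"\nviridian = [ "base", "freq",\n  "time_ref_count" ]\n',
    "linux-hvm.cfg": 'type = "hvm"\n# viridian = 1\nmemory = 2048\n',
    "win-off.cfg": 'type = "hvm"\nviridian = 0\n',
    "pv.cfg": 'type = "pv"\nviridian = 1\n',
}

# key = value, where value is a (possibly multi-line) [list] or a scalar.
SETTING = re.compile(r"^[ \t]*(\w+)[ \t]*=[ \t]*(\[[^\]]*\]|[^\n;]*)", re.M)

def parse_xl_cfg(text):
    """Return {key: raw value}; comments are stripped first (simplification:
    a '#' inside a quoted string is also treated as a comment start)."""
    text = re.sub(r"#[^\n]*", "", text)
    return {key: value.strip() for key, value in SETTING.findall(text)}

def unquote(value):
    return value.strip().strip("\"'")

def is_hvm(cfg):
    # type="hvm" is the current spelling; builder="hvm" is the legacy one.
    return "hvm" in (unquote(cfg.get("type", "")), unquote(cfg.get("builder", "")))

def viridian_enabled(cfg):
    raw = cfg.get("viridian")
    if raw is None:
        return False  # assumption: xl leaves Viridian off unless configured
    if raw.startswith("["):
        # Any listed group counts as enabled (conservative; ignores "!" negation).
        return bool(re.findall(r"[\"']([^\"']+)[\"']", raw))
    return unquote(raw) not in ("", "0")

def audit(configs):
    """Return sorted names of HVM guest configs that have Viridian enabled."""
    flagged = []
    for name, text in configs.items():
        cfg = parse_xl_cfg(text)
        if is_hvm(cfg) and viridian_enabled(cfg):
            flagged.append(name)
    return sorted(flagged)

if __name__ == "__main__":
    for name in audit(SAMPLES):
        print(f"{name}: x86 HVM guest with Viridian enabled (in scope for XSA-475)")
```
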