CVE-2025-58142: 
NixOS vulnerability analysis and mitigation

A NULL pointer dereference vulnerability was identified in the Xen hypervisor's viridian code, specifically when assuming the SIM page is mapped during synthetic timer message delivery. The vulnerability, tracked as CVE-2025-58142, was discovered by Roger Pau Monné of XenServer and publicly disclosed on September 9, 2025. This issue affects Xen versions 4.13 and newer, specifically impacting x86 HVM guests with the stimer viridian extension enabled (Xen Advisory).

The vulnerability is characterized by a NULL pointer dereference that occurs when the system assumes the SIM page is mapped during the delivery of a synthetic timer message. The issue has received a CVSS 3.1 Base Score of 9.8 (CRITICAL) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. The vulnerability has been classified under CWE-395 (Use of NullPointerException Catch to Detect NULL Pointer Dereference) (NVD).

The vulnerability can lead to a Denial of Service (DoS) affecting the entire host, potential information leaks, or elevation of privilege when exploited. This poses a significant risk to systems running affected versions of Xen with the specific viridian extension enabled (Xen Advisory).

As a primary mitigation, systems administrators can disable the stimer viridian extension to avoid the vulnerability. For a permanent fix, patches have been made available and should be applied to affected systems. The fix is available through patches (xsa472-1.patch, xsa472-2.patch, xsa472-3.patch) that resolve the NULL pointer dereference issue (Xen Advisory).