CVE-2025-58143: 
Linux Debian vulnerability analysis and mitigation

CVE-2025-58143 is one of three vulnerabilities discovered in the Viridian interface of Xen hypervisor. This specific vulnerability involves a race condition in the mapping of the reference TSC page, where a guest can manipulate Xen to free a page while it remains present in the guest physical to machine (p2m) page tables. The vulnerability was publicly disclosed on September 9, 2025, affecting Xen versions 4.13 and newer, specifically impacting x86 HVM guests with reference_tsc or stimer viridian extensions enabled (Xen Advisory).

The vulnerability is part of a set of issues related to the handling and accessing of guest memory pages in the viridian code. Specifically, CVE-2025-58143 manifests as a race condition in the TSC page mapping mechanism, potentially leading to memory management issues. The vulnerability affects the Xen hypervisor's implementation of the Viridian (Hyper-V) interface, particularly in systems where reference_tsc or stimer viridian extensions are enabled (Xen Advisory).

The exploitation of this vulnerability can result in multiple severe consequences including Denial of Service (DoS) affecting the entire host system, potential information leaks, or elevation of privilege. The impact is particularly significant for systems running vulnerable versions of Xen with specific viridian extensions enabled (Xen Advisory).

Two primary mitigation strategies have been identified: 1) Disabling the reference_tsc and stimer viridian extensions will prevent the exploitation of this vulnerability, and 2) Applying the security patches (xsa472-1.patch, xsa472-2.patch, and xsa472-3.patch) provided by the Xen Project Security Team. The patches are designed to be applied to stable branches of the affected versions (Xen Advisory).