CVE-2025-1713

When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock, is done in a context where acquiring that lock is unsafe. This can lead to a deadlock.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://xenbits.xenproject.org/xsa/advisory-467.html	Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2025/02/27/1	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/02/27/3	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/02/28/1	Mailing List Third Party Advisory
http://xenbits.xen.org/xsa/advisory-467.html	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*

History

No history.

Information

Published : 2025-07-17 14:15

Updated : 2026-01-13 22:16

NVD link : CVE-2025-1713

Mitre link : CVE-2025-1713

CVE.ORG link : CVE-2025-1713

JSON object : View

Products Affected

xen

xen

CWE

CWE-833

Deadlock

{"id": "CVE-2025-1713", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-07-17T14:15:30.527", "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-467.html", "tags": ["Patch", "Vendor Advisory"], "source": "security@xen.org"}, {"url": "http://www.openwall.com/lists/oss-security/2025/02/27/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2025/02/27/3", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2025/02/28/1", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://xenbits.xen.org/xsa/advisory-467.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-833"}]}], "descriptions": [{"lang": "en", "value": "When setting up interrupt remapping for legacy PCI(-X) devices,\nincluding PCI(-X) bridges, a lookup of the upstream bridge is required.\nThis lookup, itself involving acquiring of a lock, is done in a context\nwhere acquiring that lock is unsafe. This can lead to a deadlock."}, {"lang": "es", "value": "Al configurar la reasignaci\u00f3n de interrupciones para dispositivos PCI(-X) antiguos, incluidos los puentes PCI(-X), se requiere una b\u00fasqueda del puente ascendente. Esta b\u00fasqueda, que implica la adquisici\u00f3n de un bloqueo, se realiza en un contexto donde la adquisici\u00f3n de dicho bloqueo no es segura. Esto puede provocar un interbloqueo."}], "lastModified": "2026-01-13T22:16:10.213", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*", "vulnerable": true, "matchCriteriaId": "06663CA9-DD05-46D3-872D-A5102E1B3E96", "versionStartIncluding": "4.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@xen.org"}