7.5 CVE-2025-1713

Enriched by CISA Patch

When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock, is done in a context where acquiring that lock is unsafe. This can lead to a deadlock.
https://nvd.nist.gov/vuln/detail/CVE-2025-1713

Categories

CWE-833 : Deadlock
The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) A bug in some Intel Pentium processors allow DoS (hang) via an invalid "CMPXCHG8B" instruction, causing a deadlock OS deadlock OS deadlock involving 3 separate functions deadlock in library deadlock triggered by packets that force collisions in a routing table read/write deadlock between web server and script web server deadlock involving multiple listening connections multiple simultaneous calls to the same function trigger deadlock. chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833). deadlock when an operation is performed on a resource while it is being removed. Deadlock in device driver triggered by using file handle of a related device. Deadlock when large number of small messages cannot be processed quickly enough. OS kernel has deadlock triggered by a signal during a core dump. Race condition leads to deadlock. Chain: array index error (CWE-129) leads to deadlock (CWE-833)

References

af854a3a-2127-422b-91ae-364da2661108 Patch

http://www.openwall.com/lists/oss-security/2025/02/27/1 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/02/27/3 Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/02/28/1 Mailing List Third Party Advisory
http://xenbits.xen.org/xsa/advisory-467.html Patch Vendor Advisory

security@xen.org Patch

https://xenbits.xenproject.org/xsa/advisory-467.html Patch Vendor Advisory

AFFECTED (from MITRE)

Vendor	Product	Versions
Xen	Xen	consult Xen advisory XSA-467 [unknown]
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

CPE

cpe	start	end
Configuration 1
cpe:2.3:o:xen:xen:::::::x86:*	>= 4.0.0

REMEDIATION

Patch

Url
http://xenbits.xen.org/xsa/advisory-467.html
https://xenbits.xenproject.org/xsa/advisory-467.html

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

POC Github

Url
No known exploits

Other Nist (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
25	Forced Deadlock The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect. The adversary initiates an exploratory phase to get familiar with the system. The adversary triggers a first action (such as holding a resource) and initiates a second action which will wait for the first one to finish. If the target program has a deadlock condition, the program waits indefinitely resulting in a denial of service.	High

MITRE

Techniques

id	description
T1499.004	Endpoint Denial of Service: Application or System Exploitation
© 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation.

Mitigations

id	description
M1037	Leverage services provided by Content Delivery Networks (CDN) or providers specializing in DoS mitigations to filter traffic upstream from services. Filter boundary traffic by blocking source addresses sourcing the attack, blocking ports that are being targeted, or blocking protocols being used for transport.
© 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation.

Cybersecurity needs ?

Strengthen software security from the outset with our DevSecOps expertise

Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.

Discover this offer

Soutenez No Hack Me sur Tipeee