Bug 2380445 (CVE-2025-27465)

Summary: CVE-2025-27465 xen: Xen: Incorrect Exception Handling
Product: [Other] Security Response Reporter: OSIDB Bzimport <bzimport>
Component: vulnerability Assignee: Product Security DevOps Team <prodsec-dev>
Status: NEW --- QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecified Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: ---
Doc Text:
A flaw was found in Xen. Xen’s emulation of intercepted instructions uses replay mechanisms with executable stubs. Improper handling of exceptions raised during this replay process allows a local attacker to trigger unexpected behavior. This issue can occur when an instruction causes an exception during replay, potentially leading to a system crash. The vulnerability stems from a failure to handle exceptional conditions within the instruction replay logic.
Bug Depends On: 2381572    

Description OSIDB Bzimport 2025-07-16 10:01:15 UTC
Certain instructions need intercepting and emulating by Xen.  In some
cases Xen emulates the instruction by replaying it, using an executable
stub.  Some instructions may raise an exception, which is supposed to be
handled gracefully.  Certain replayed instructions have additional logic
to set up and recover the changes to the arithmetic flags.

For replayed instructions where the flags recovery logic is used, the
metadata for exception handling was incorrect, preventing Xen from
handling the exception gracefully, treating it as fatal instead.