CVE-2025-1713

moderate-risk

Published 2025-07-17

When setting up interrupt remapping for legacy PCI(-X) devices, including PCI(-X) bridges, a lookup of the upstream bridge is required. This lookup, itself involving acquiring of a lock, is done in a context where acquiring that lock is unsafe. This can lead to a deadlock.

Do I need to act?

0.12% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (1)

Xen

Affected Vendors

Xen

References (5)

Patch https://xenbits.xenproject.org/xsa/advisory-467.html

Mailing List http://www.openwall.com/lists/oss-security/2025/02/27/1

Mailing List http://www.openwall.com/lists/oss-security/2025/02/27/3

Mailing List http://www.openwall.com/lists/oss-security/2025/02/28/1

Patch http://xenbits.xen.org/xsa/advisory-467.html

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 5/34 · Minimal