Use of NullPointerException Catch to Detect NULL Pointer Dereference

CVE-2025-27466

High

9.8/10

Summary

There is an issue related to the handling and accessing of guest memory pages in the viridian code: A NULL Pointer Dereference in the updating of the reference TSC area. It can lead to Denial-of-Service (DoS) affecting the entire host, information leaks, or elevation of privilege. This issue affects versions from 4.13.0 prior to 4.21.0-rc1.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-395 - Use of NullPointerException Catch to Detect NULL Pointer Dereference

Catching NullPointerException should not be used as an alternative to programmatic checks to prevent dereferencing a null pointer.

References

Advisory
Advisory

Advisory Timeline

Published Sep 11, 2025

Use of NullPointerException Catch to Detect NULL Pointer Dereference

CVE-2025-27466

Summary

CWE-395 - Use of NullPointerException Catch to Detect NULL Pointer Dereference

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS