CVE-2025-58149
Last modified
CVE-2025-58149 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allows the domain itself to map the memory in the page-tables. EPSS estimates a 0.35% chance of exploitation in the next 30 days.
Description
When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allows the domain itself to map the memory in the page-tables. For HVM it would require a compromised device model or stubdomain to map the leaked memory into the HVM domain p2m.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Xen | Xen | >= 4.0.0 |
References
- https://xenbits.xenproject.org/xsa/advisory-476.htmlPatch, Vendor Advisory
- http://www.openwall.com/lists/oss-security/2025/10/24/1Mailing List, Patch, Third Party Advisory
- http://xenbits.xen.org/xsa/advisory-476.htmlPatch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2025-58149?
How severe is CVE-2025-58149?
How do I fix CVE-2025-58149?
Are you affected by CVE-2025-58149?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST