CVE-2025-58149

{"id": "CVE-2025-58149", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-10-31T12:15:35.143", "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-476.html", "tags": ["Patch", "Vendor Advisory"], "source": "security@xen.org"}, {"url": "http://www.openwall.com/lists/oss-security/2025/10/24/1", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://xenbits.xen.org/xsa/advisory-476.html", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-672"}]}], "descriptions": [{"lang": "en", "value": "When passing through PCI devices, the detach logic in libxl won't remove\naccess permissions to any 64bit memory BARs the device might have. As a\nresult a domain can still have access any 64bit memory BAR when such\ndevice is no longer assigned to the domain.\n\nFor PV domains the permission leak allows the domain itself to map the memory\nin the page-tables. For HVM it would require a compromised device model or\nstubdomain to map the leaked memory into the HVM domain p2m."}], "lastModified": "2026-01-14T22:04:31.723", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E095C1C-0DC6-4380-9333-477B13273E9E", "versionStartIncluding": "4.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@xen.org"}