CVE-2025-58149 — HIGH (7.5)

Vulnerability Description

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allows the domain itself to map the memory in the page-tables. For HVM it would require a compromised device model or stubdomain to map the leaked memory into the HVM domain p2m.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Xen	Xen	>= 4.0.0

Related Weaknesses (CWE)

CWE-672

References

https://xenbits.xenproject.org/xsa/advisory-476.htmlPatchVendor Advisory
http://www.openwall.com/lists/oss-security/2025/10/24/1Mailing ListPatchThird Party Advisory
http://xenbits.xen.org/xsa/advisory-476.htmlPatchVendor Advisory

FAQ

What is CVE-2025-58149?

CVE-2025-58149 is a vulnerability with a CVSS score of 7.5 (HIGH). When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory...

How severe is CVE-2025-58149?

CVE-2025-58149 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2025-58149?

Check the references section above for vendor advisories and patch information. Affected products include: Xen Xen.