Arm issues with page refcounting_CVE-2025-58144

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Description

[This CNA information record relates to multiple CVEs; the
text explains which aspects/vulnerabilities correspond to which CVE.]

There are two issues related to the mapping of pages belonging to other
domains: For one, an assertion is wrong there, where the case actually
needs handling. A NULL pointer de-reference could result on a release
build. This is CVE-2025-58144.

And then the P2M lock isn't held until a page reference was actually
obtained (or the attempt to do so has failed). Otherwise the page can
not only change type, but even ownership in between, thus allowing
domain boundaries to be violated. This is CVE-2025-58145.

Basic Information

ID CVE-2025-58144

Source XEN

Published Sep 11, 2025 at 14:05

Modified Sep 11, 2025 at 14:38

Affected Product

Vendor Xen

Product Xen

Version consult Xen advisory XSA-473

CWE Classification

CWE-476

References

xenbits.xenproject.org /xsa/advisory-473.html

{
    "lastseen": "",
    "description": "[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nThere are two issues related to the mapping of pages belonging to other\ndomains: For one, an assertion is wrong there, where the case actually\nneeds handling.  A NULL pointer de-reference could result on a release\nbuild.  This is CVE-2025-58144.\n\nAnd then the P2M lock isn't held until a page reference was actually\nobtained (or the attempt to do so has failed).  Otherwise the page can\nnot only change type, but even ownership in between, thus allowing\ndomain boundaries to be violated.  This is CVE-2025-58145.",
    "published": "2025-09-11T14:05:36.284Z",
    "modified": "2025-09-11T14:38:26.891Z",
    "type": "cve",
    "title": "Arm issues with page refcounting",
    "source": "XEN",
    "references": "https://xenbits.xenproject.org/xsa/advisory-473.html",
    "id": "CVE-2025-58144",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Xen",
    "version": "consult Xen advisory XSA-473",
    "vendor": "Xen",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}