CVE-2025-58144
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-11-04
Assigner: Xen Project
Description
Description
[This CNA information record relates to multiple CVEs; the
text explains which aspects/vulnerabilities correspond to which CVE.]
There are two issues related to the mapping of pages belonging to other
domains: For one, an assertion is wrong there, where the case actually
needs handling. A NULL pointer de-reference could result on a release
build. This is CVE-2025-58144.
And then the P2M lock isn't held until a page reference was actually
obtained (or the attempt to do so has failed). Otherwise the page can
not only change type, but even ownership in between, thus allowing
domain boundaries to be violated. This is CVE-2025-58145.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xen | xen | From 4.12.0 (inc) to 4.17.0 (exc) |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-476 | The product dereferences a pointer that it expects to be valid but is NULL. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58144 is a vulnerability involving incorrect handling of page mappings from other domains, where an assertion is wrong and needs proper case handling. This can lead to a NULL pointer dereference in a release build.
How can this vulnerability impact me? :
This vulnerability can cause a NULL pointer dereference, which may lead to crashes or instability in the affected system. It involves improper handling of page mappings across domain boundaries.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70