CVE-2025-58145
BaseFortify
Publication date: 2025-09-11
Last updated on: 2025-11-04
Assigner: Xen Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xen | xen | From 4.12.0 (inc) to 4.17.0 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-362 | The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-58145 is a vulnerability in the Xen hypervisor where the P2M lock is not held until a page reference is obtained or the attempt fails. This flaw allows the page type or ownership to change in between, which can lead to violations of domain boundaries. Essentially, this means that memory pages belonging to one domain could be improperly accessed or manipulated by another domain, breaking isolation guarantees. [1]
How can this vulnerability impact me? :
This vulnerability can allow domain boundary violations, meaning that one domain could potentially access or interfere with memory pages of another domain. This breaks the isolation between virtual machines or domains, potentially leading to unauthorized access or manipulation of data. It could also lead to instability or security breaches in systems relying on Xen for virtualization. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to apply the patches provided for the affected Xen stable branches (4.17.x through 4.19.x). No other known mitigations exist. It is recommended to update to the tip of the stable branch before applying these patches to fix the assertion handling and locking issues that cause the vulnerability. [1]