CVE-2025-58149
BaseFortify
Publication date: 2025-10-31
Last updated on: 2025-11-04
Assigner: Xen Project
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xen | xen | 4.18 |
| xen | xen | 4.20 |
| xen | xen | 4.17 |
| xen | xen | * |
| xen | xen | 4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-672 | The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability occurs in Xen's libxl library when PCI devices are unplugged during PCI passthrough. The detach logic fails to remove access permissions to any 64-bit memory Base Address Registers (BARs) of the PCI device. As a result, a domain can still access the 64-bit memory BARs of devices no longer assigned to it. For paravirtualized (PV) domains, this means the domain can directly map the leaked memory in its page tables. For hardware virtual machine (HVM) domains, exploiting this requires an additional compromised device model or stubdomain to map the leaked memory into the domain's physical-to-machine memory mapping. [1]
How can this vulnerability impact me?
The impact of this vulnerability is that a domain may retain unauthorized access to memory regions of PCI devices that have been detached, potentially leading to information disclosure. For PV domains, the domain itself can map and access this leaked memory directly, which could expose sensitive data. For HVM domains, exploitation requires further compromise but could similarly lead to unauthorized memory access. This unauthorized access could be leveraged by attackers to gain sensitive information or compromise system security. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking whether PCI passthrough devices have been hot unplugged without proper removal of access permissions to their 64-bit memory BARs. Since the vulnerability is related to the libxl toolstack managing PCI devices, you can inspect the current PCI device assignments and memory mappings for domains using commands like 'xl pci-list <domain>' to list PCI devices assigned to a domain and 'xl mem-list <domain>' to review memory mappings. Additionally, monitoring for hot unplug events of PCI devices and verifying if the domain still retains access to the device's 64-bit BAR memory regions can help detect the issue. However, no specific detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include avoiding hot unplug of PCI devices from domains to prevent permission leaks. Limiting PCI passthrough usage to hardware virtual machine (HVM) domains only is also recommended, as exploitation in HVM domains requires additional compromised components, reducing risk. Applying the official patches provided for this vulnerability (xsa476.patch and its variants for different Xen versions) is the definitive fix. Users should update to the tip of the stable branch before applying these patches to ensure full remediation. [1]