{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-58145", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "state": "PUBLISHED", "assignerShortName": "XEN", "dateReserved": "2025-08-26T06:48:41.443Z", "datePublished": "2025-09-11T14:05:36.380Z", "dateUpdated": "2025-09-11T14:39:41.138Z"}, "containers": {"cna": {"title": "Arm issues with page refcounting", "datePublic": "2025-09-09T11:53:00.000Z", "descriptions": [{"lang": "en", "value": "[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nThere are two issues related to the mapping of pages belonging to other\ndomains: For one, an assertion is wrong there, where the case actually\nneeds handling. A NULL pointer de-reference could result on a release\nbuild. This is CVE-2025-58144.\n\nAnd then the P2M lock isn't held until a page reference was actually\nobtained (or the attempt to do so has failed). Otherwise the page can\nnot only change type, but even ownership in between, thus allowing\ndomain boundaries to be violated. This is CVE-2025-58145."}], "impacts": [{"descriptions": [{"lang": "en", "value": "An unprivileged guest can cause a hypervisor crash, causing a Denial of\nService (DoS) of the entire host. Privilege escalation and information\nleaks cannot be ruled out."}]}], "affected": [{"defaultStatus": "unknown", "product": "Xen", "vendor": "Xen", "versions": [{"status": "unknown", "version": "consult Xen advisory XSA-473"}]}], "configurations": [{"lang": "en", "value": "Xen versions 4.12 and onwards are vulnerable. Xen versions 4.11 and\nearlier are not vulnerable.\n\nOnly Arm systems are affected. x86 systems are not affected."}], "workarounds": [{"lang": "en", "value": "There is no known mitigation."}], "credits": [{"lang": "en", "type": "finder", "value": "This issue was discovered by Jan Beulich of SUSE."}], "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-473.html"}], "providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2025-09-11T14:05:36.380Z"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-362", "lang": "en", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-09-11T14:39:37.372975Z", "id": "CVE-2025-58145", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T14:39:41.138Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-58145", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-11T14:39:37.372975Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-362", "description": "CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-11T14:29:42.377Z"}}], "cna": {"title": "Arm issues with page refcounting", "credits": [{"lang": "en", "type": "finder", "value": "This issue was discovered by Jan Beulich of SUSE."}], "impacts": [{"descriptions": [{"lang": "en", "value": "An unprivileged guest can cause a hypervisor crash, causing a Denial of\nService (DoS) of the entire host. Privilege escalation and information\nleaks cannot be ruled out."}]}], "affected": [{"vendor": "Xen", "product": "Xen", "versions": [{"status": "unknown", "version": "consult Xen advisory XSA-473"}], "defaultStatus": "unknown"}], "datePublic": "2025-09-09T11:53:00.000Z", "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-473.html"}], "workarounds": [{"lang": "en", "value": "There is no known mitigation."}], "descriptions": [{"lang": "en", "value": "[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nThere are two issues related to the mapping of pages belonging to other\ndomains: For one, an assertion is wrong there, where the case actually\nneeds handling. A NULL pointer de-reference could result on a release\nbuild. This is CVE-2025-58144.\n\nAnd then the P2M lock isn't held until a page reference was actually\nobtained (or the attempt to do so has failed). Otherwise the page can\nnot only change type, but even ownership in between, thus allowing\ndomain boundaries to be violated. This is CVE-2025-58145."}], "configurations": [{"lang": "en", "value": "Xen versions 4.12 and onwards are vulnerable. Xen versions 4.11 and\nearlier are not vulnerable.\n\nOnly Arm systems are affected. x86 systems are not affected."}], "providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2025-09-11T14:05:36.380Z"}}}, "cveMetadata": {"cveId": "CVE-2025-58145", "state": "PUBLISHED", "dateUpdated": "2025-09-11T14:39:41.138Z", "dateReserved": "2025-08-26T06:48:41.443Z", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "datePublished": "2025-09-11T14:05:36.380Z", "assignerShortName": "XEN"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "[This CNA information record relates to multiple CVEs; the\ntext explains which aspects/vulnerabilities correspond to which CVE.]\n\nThere are two issues related to the mapping of pages belonging to other\ndomains: For one, an assertion is wrong there, where the case actually\nneeds handling. A NULL pointer de-reference could result on a release\nbuild. This is CVE-2025-58144.\n\nAnd then the P2M lock isn't held until a page reference was actually\nobtained (or the attempt to do so has failed). Otherwise the page can\nnot only change type, but even ownership in between, thus allowing\ndomain boundaries to be violated. This is CVE-2025-58145."}], "id": "CVE-2025-58145", "lastModified": "2025-09-11T15:15:36.890", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-09-11T14:15:42.737", "references": [{"source": "security@xen.org", "url": "https://xenbits.xenproject.org/xsa/advisory-473.html"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{}