CVE-2025-58144

HIGH

Xen 4.12.0-4.16.x - NULL Pointer Dereference in Page Mapping

Title source: llm

Description

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. This is CVE-2025-58144. And then the P2M lock isn't held until a page reference was actually obtained (or the attempt to do so has failed). Otherwise the page can not only change type, but even ownership in between, thus allowing domain boundaries to be violated. This is CVE-2025-58145.

References (3)

Core 3

Core References

Vendor Advisory

https://xenbits.xenproject.org/xsa/advisory-473.html

Various Sources

http://xenbits.xen.org/xsa/advisory-473.html

Mailing List

http://www.openwall.com/lists/oss-security/2025/09/09/2

Scores

CVSS v3 7.5

EPSS 0.0006

EPSS Percentile 19.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (1)

xen/xen 4.12.0 - 4.17.0

Published Sep 11, 2025

Tracked Since Feb 18, 2026