vulnerability

Debian: CVE-2025-58149: xen -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:C/I:N/A:N)	Dec 4, 2025	Dec 4, 2025	Dec 5, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

Dec 4, 2025

Added

Dec 4, 2025

Modified

Dec 5, 2025

Description

When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have. As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain. For PV domains the permission leak allows the domain itself to map the memory in the page-tables. For HVM it would require a compromised device model or stubdomain to map the leaked memory into the HVM domain p2m.

Solution

debian-upgrade-xen

References

CVE-2025-58149
https://attackerkb.com/topics/CVE-2025-58149
CWE-672
DEBIAN-DSA-6068-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today