2394576 – (CVE-2025-58145) CVE-2025-58145 xen: Arm issues with page refcounting

Bug 2394576 (CVE-2025-58145) - CVE-2025-58145 xen: Arm issues with page refcounting

Summary: CVE-2025-58145 xen: Arm issues with page refcounting

Keywords:
Status:	NEW
Alias:	CVE-2025-58145
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2395131 2395132
Blocks:
TreeView+	depends on / blocked

Reported:	2025-09-11 15:01 UTC by OSIDB Bzimport
Modified:	2025-09-15 08:40 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-09-11 15:01:30 UTC

[This CNA information record relates to multiple CVEs; the
text explains which aspects/vulnerabilities correspond to which CVE.]

There are two issues related to the mapping of pages belonging to other
domains: For one, an assertion is wrong there, where the case actually
needs handling.  A NULL pointer de-reference could result on a release
build.  This is CVE-2025-58144.

And then the P2M lock isn't held until a page reference was actually
obtained (or the attempt to do so has failed).  Otherwise the page can
not only change type, but even ownership in between, thus allowing
domain boundaries to be violated.  This is CVE-2025-58145.

Note You need to log in before you can comment on or make changes to this bug.