2408822 – (CVE-2025-58149) CVE-2025-58149 xen: Incorrect removal of permissions on PCI device unplug

Bug 2408822 (CVE-2025-58149) - CVE-2025-58149 xen: Incorrect removal of permissions on PCI device unplug

Summary: CVE-2025-58149 xen: Incorrect removal of permissions on PCI device unplug

Keywords:
Status:	NEW
Alias:	CVE-2025-58149
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2413413 2413414 2413415
Blocks:
TreeView+	depends on / blocked

Reported:	2025-10-31 12:01 UTC by OSIDB Bzimport
Modified:	2025-11-10 20:40 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-10-31 12:01:50 UTC

When passing through PCI devices, the detach logic in libxl won't remove
access permissions to any 64bit memory BARs the device might have.  As a
result a domain can still have access any 64bit memory BAR when such
device is no longer assigned to the domain.

For PV domains the permission leak allows the domain itself to map the memory
in the page-tables.  For HVM it would require a compromised device model or
stubdomain to map the leaked memory into the HVM domain p2m.

Note You need to log in before you can comment on or make changes to this bug.