Home > Vulnerability Database > CVE-2025-58144

Mend.io Vulnerability Database

CVE-2025-58144

Good to know:

Date: September 11, 2025

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] There are two issues related to the mapping of pages belonging to other domains: For one, an assertion is wrong there, where the case actually needs handling. A NULL pointer de-reference could result on a release build. This is CVE-2025-58144. And then the P2M lock isn't held until a page reference was actually obtained (or the attempt to do so has failed). Otherwise the page can not only change type, but even ownership in between, thus allowing domain boundaries to be violated. This is CVE-2025-58145.

Severity Score

8.0

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2025-58144

Url: https://xenbits.xenproject.org/xsa/advisory-473.html

Url: https://www.mend.io/vulnerability-database/CVE-2025-58144

Severity Score

8.0

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

CVSS v3.1

Base Score:	8.0
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2025-58144

Good to know:

Date: September 11, 2025

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?