{"url":"http://public2.vulnerablecode.io/api/packages/475506?format=json","purl":"pkg:apk/alpine/xen@4.20.1-r2?arch=x86_64&distroversion=v3.23&reponame=main","type":"apk","namespace":"alpine","name":"xen","version":"4.20.1-r2","qualifiers":{"arch":"x86_64","distroversion":"v3.23","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.20.2-r1","latest_non_vulnerable_version":"4.20.3-r3","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106550?format=json","vulnerability_id":"VCID-2wu6-2tup-2ub2","summary":"When passing through PCI devices, the detach logic in libxl won't remove access permissions to any 64bit memory BARs the device might have.  As a result a domain can still have access any 64bit memory BAR when such device is no longer assigned to the domain.  For PV domains the permission leak allows the domain itself to map the memory in the page-tables.  For HVM it would require a compromised device model or stubdomain to map the leaked memory into the HVM domain p2m.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58149","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17299","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17397","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17361","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17282","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00057","scoring_system":"epss","scoring_elements":"0.18157","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58149"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58149","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58149"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120075","reference_id":"1120075","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120075"},{"reference_url":"https://xenbits.xenproject.org/xsa/advisory-476.html","reference_id":"advisory-476.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-11-03T14:24:29Z/"}],"url":"https://xenbits.xenproject.org/xsa/advisory-476.html"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-476.html","reference_id":"XSA-476","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-476.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/475506?format=json","purl":"pkg:apk/alpine/xen@4.20.1-r2?arch=x86_64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.20.1-r2%3Farch=x86_64&distroversion=v3.23&reponame=main"}],"aliases":["CVE-2025-58149","XSA-476"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2wu6-2tup-2ub2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/106548?format=json","vulnerability_id":"VCID-navq-t6wp-xqaf","summary":"[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.]  Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats.  Xen has boundary checking bugs with all three formats, which can cause out-of-bounds reads and writes while processing the inputs.   * CVE-2025-58147.  Hypercalls using the HV_VP_SET Sparse format can    cause vpmask_set() to write out of bounds when converting the bitmap    to Xen's format.   * CVE-2025-58148.  Hypercalls using any input format can cause    send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild    vCPU pointer.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58147","reference_id":"","reference_type":"","scores":[{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08943","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08983","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08963","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0003","scoring_system":"epss","scoring_elements":"0.08915","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00031","scoring_system":"epss","scoring_elements":"0.09388","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-58147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-58147"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120075","reference_id":"1120075","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1120075"},{"reference_url":"https://xenbits.xenproject.org/xsa/advisory-475.html","reference_id":"advisory-475.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-31T17:45:24Z/"}],"url":"https://xenbits.xenproject.org/xsa/advisory-475.html"},{"reference_url":"https://xenbits.xen.org/xsa/advisory-475.html","reference_id":"XSA-475","reference_type":"","scores":[],"url":"https://xenbits.xen.org/xsa/advisory-475.html"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/475506?format=json","purl":"pkg:apk/alpine/xen@4.20.1-r2?arch=x86_64&distroversion=v3.23&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.20.1-r2%3Farch=x86_64&distroversion=v3.23&reponame=main"}],"aliases":["CVE-2025-58147","XSA-475"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-navq-t6wp-xqaf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/xen@4.20.1-r2%3Farch=x86_64&distroversion=v3.23&reponame=main"}