CVE-2025-58150

EUVD-2025-206476
Shadow mode tracing code uses a set of per-CPU variables to avoid
cumbersome parameter passing.  Some of these variables are written to
with guest controlled data, of guest controllable size.  That size can
be larger than the variable, and bounding of the writes was missing.
Provider  Type     Base Score  Atk. Vector  Atk. Complexity  Priv. Required  Vector
NIST      Primary  8.8 HIGH    LOCAL        LOW              LOW             CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Percentile: Unknown
Affected Products (NVD)
Vendor  Product  Version
xen     xen      -
Debian Releases
Debian Product  Codename             Version                          Status
xen             bookworm                                              vulnerable
xen             bookworm (security)                                   vulnerable
xen             bullseye                                              vulnerable
xen             bullseye (security)                                   vulnerable
xen             forky                4.20.2+37-g61ff35323e-1          fixed
xen             sid                  4.20.2+37-g61ff35323e-1          fixed
xen             trixie               4.20.2+37-g61ff35323e-0+deb13u1  fixed
xen             trixie (security)                                     vulnerable