CVE-2025-58150

high

Description

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.

References

https://xenbits.xenproject.org/xsa/advisory-477.html

http://xenbits.xen.org/xsa/advisory-477.html

http://www.openwall.com/lists/oss-security/2026/01/27/1

Details

Source: Mitre, NVD

Published: 2026-01-28

Updated: 2026-01-28

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: High