VDB
CVE-2025-58150
CVE-2025-58150
PUBLISHED
CVSS 8.800000190734863 HIGH
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.
EPSS 0.02% · 6.6th percentile
Risk Scores
CVSS v3.1
8.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
0.02%
6.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| xen | xen | |
| Xen | Xen | consult Xen advisory XSA-477 |
Timeline
- Jan 27, 2026 CVE Published
- Jan 27, 2026 PoC Published
- Jan 27, 2026 PoC Published
- Jan 27, 2026 PoC Published
- Jan 27, 2026 PoC Published
- Jan 28, 2026 CVE Updated
- Jan 28, 2026 PoC Published
- Jan 28, 2026 PoC Published
- Jan 28, 2026 PoC Published
- Jan 29, 2026 EPSS Score
- Jan 30, 2026 PoC Published
- Jan 31, 2026 EPSS Score
References
- https://xenbits.xen.org/xsa/advisory-477.html advisory
- https://xenbits.xen.org/xsa/advisory-478.html advisory
- https://xenbits.xen.org/xsa/advisory-479.html advisory
- https://xenbits.xenproject.org/xsa/advisory-477.html url
- http://www.openwall.com/lists/oss-security/2026/01/27/1 url
- http://xenbits.xen.org/xsa/advisory-477.html url
- https://nvd.nist.gov/vuln/detail/CVE-2025-58150 advisory