VDB
DEBIAN-CVE-2025-58150
DEBIAN-CVE-2025-58150
PUBLISHED
CVSS 8.800000190734863 HIGH
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.
Risk Scores
CVSS 3.1
8.800000190734863
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | xen | 0, 4.20.2+7-g1badcf5035-0+deb13u1, 4.20.2+7-g1badcf5035-1 |
| Debian:12 | xen | 0, 4.17.1+2-gb773c48e36-1, 4.17.2+55-g0b56bed864-1 |
| Debian:14 | xen | 4.20.2+7-g1badcf5035-1, 4.20.2+7-g1badcf5035-2, * |
| Debian:11 | xen | 0, 4.14.2+25-gb6a8c4f72d-2, 4.14.3+32-g9de3671772-1 |
Timeline
- Jan 28, 2026 CVE Published
- Apr 28, 2026 CVE Updated