← back
CVE-2025-58150

x86: buffer overrun with shadow paging + tracing

CVSS 8.8 HIGHEPSS 0.1%CWE-787
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
Xen · Xen

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://xenbits.xenproject.org/xsa/advisory-477.htmlhttp://www.openwall.com/lists/oss-security/2026/01/27/1http://xenbits.xen.org/xsa/advisory-477.html