x86: buffer overrun with shadow paging + tracing_CVE-2025-58150

8.8 / 10

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

Shadow mode tracing code uses a set of per-CPU variables to avoid
cumbersome parameter passing. Some of these variables are written to
with guest controlled data, of guest controllable size. That size can
be larger than the variable, and bounding of the writes was missing.

Basic Information

ID CVE-2025-58150

Source XEN

Published Jan 28, 2026 at 15:33

Modified Jan 28, 2026 at 16:46

Affected Product

Vendor Xen

Product Xen

Version consult Xen advisory XSA-477

CWE Classification

CWE-787

References

xenbits.xenproject.org /xsa/advisory-477.html

{
    "lastseen": "",
    "description": "Shadow mode tracing code uses a set of per-CPU variables to avoid\ncumbersome parameter passing.  Some of these variables are written to\nwith guest controlled data, of guest controllable size.  That size can\nbe larger than the variable, and bounding of the writes was missing.",
    "published": "2026-01-28T15:33:17.316Z",
    "modified": "2026-01-28T16:46:04.355Z",
    "type": "cve",
    "title": "x86: buffer overrun with shadow paging + tracing",
    "source": "XEN",
    "references": "https://xenbits.xenproject.org/xsa/advisory-477.html",
    "id": "CVE-2025-58150",
    "bulletinFamily": "",
    "cwe": [
        "CWE-787"
    ],
    "cvelist": null,
    "sourceData": "",
    "sourceHref": "",
    "cvss": {
        "score": 8.8,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "Xen",
    "version": "consult Xen advisory XSA-477",
    "vendor": "Xen",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}