CVE-2025-58150 — Out-of-bounds Write in XEN

CWE-787 — Out-of-bounds Write6 documents5 sources

Severity

8.8HIGHNVD

EPSS

0.0%

top 95.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedJan 28

Description

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 2.0 | Impact: 6.0

Affected Packages3 packages

▶debiandebian/xen< xen 4.20.2+37-g61ff35323e-1 (forky)

▶Alpinexen/xen< 4.18.5-r4+3

▶Debianxen/xen< 4.20.2+37-g61ff35323e-0+deb13u1+1

Patches

Patch: xenbits.xenproject.org ↗Patch: www.openwall.com ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

OSV

CVE-2025-58150: Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing↗2026-01-28

▶

GHSA

GHSA-vq9r-cp35-p48q: Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing↗2026-01-28

▶

OSV

CVE-2025-58150: Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing↗2026-01-28

▶

📋Vendor Advisories

Debian

CVE-2025-58150: xen - Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome par...↗2025

▶

🕵️Threat Intelligence

Wiz

CVE-2025-58150 Impact, Exploitability, and Mitigation Steps | Wiz↗

▶