← Retour aux CVEs
CVE-2025-58150
HIGH8.8
Description
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.
Details CVE
Score CVSS v3.18.8
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisLOW
Interaction utilisateurNONE
Publie1/28/2026
Derniere modification2/9/2026
Sourcenvd
Observations honeypot0
Produits affectes
xen:xen
Faiblesses (CWE)
CWE-787
References
https://xenbits.xenproject.org/xsa/advisory-477.html(security@xen.org)
http://www.openwall.com/lists/oss-security/2026/01/27/1(af854a3a-2127-422b-91ae-364da2661108)
http://xenbits.xen.org/xsa/advisory-477.html(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.