CVE-2025-58150
Buffer Overflow in Xen Shadow Mode Tracing Enables Data Corruption
Publication date: 2026-01-28
Last updated on: 2026-02-09
Assigner: Xen Project
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| xen | xen | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-787 | The product writes data past the end, or before the beginning, of the intended buffer. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability involves shadow mode tracing code that uses per-CPU variables to avoid complex parameter passing. Some of these variables are written with data controlled by the guest, and the size of this data can be larger than the variable itself. There was no bounding on these writes, which means the guest can write more data than intended, potentially causing memory corruption or other unintended behavior.
How can this vulnerability impact me? :
The vulnerability can lead to serious impacts including high confidentiality, integrity, and availability risks. Because guest-controlled data can overwrite per-CPU variables without proper bounds checking, it may allow an attacker to execute arbitrary code, cause system crashes, or escalate privileges, thereby compromising the affected system.