CVE-2025-58151
Deferred Deferred - Pending Action

Insufficient Compiler Barriers in varstored Leading to TOCTOU

Vulnerability report for CVE-2025-58151, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-09

Last updated on: 2026-07-09

Assigner: Xen Project

Description

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The exact vulnerable behaviour depends on the code generated by the compiler. In a build of varstored using default settings, the attacker can control an index used in a jump table.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-07-09
Last Modified
2026-07-09
Generated
2026-07-09
AI Q&A
2026-07-09
EPSS Evaluated
N/A
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
vates varstored to 2026-01-27 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

CVE-2025-58151 is a vulnerability in the varstored component of the Xapi toolstack, which handles UEFI variables for virtual machines (VMs).

The issue arises from insufficient compiler barriers in varstored when mapping a buffer shared with OVMF (Open Virtual Machine Firmware) inside the VM, leading to Time-of-Check to Time-of-Use (TOCTOU) problems.

This flaw allows an attacker with kernel-level access inside a VM to potentially gain code execution within varstored, which can lead to privilege escalation.

The vulnerability specifically affects systems using the Xapi toolstack with x86 HVM guests configured as UEFI VMs (where the VM's boot parameters include firmware=uefi).

PV guests or those configured with BIOS firmware are not vulnerable.

Impact Analysis

If you run virtual machines using the Xapi toolstack with x86 HVM guests configured as UEFI VMs, this vulnerability can allow an attacker who already has kernel-level access inside a VM to escalate their privileges by executing code within varstored.

This privilege escalation could compromise the security of the host or other VMs by breaking isolation boundaries.

There are no mitigations available other than applying the provided patch to fix the issue.

Detection Guidance

This vulnerability affects only systems using the Xapi toolstack with x86 HVM guests configured as UEFI VMs, where the HVM-boot-params map contains firmware=uefi.

Detection involves verifying if your environment includes such VMs. You can check the VM configuration parameters to see if they use UEFI firmware.

  • Use Xen or Xapi management tools to list VM configurations and check for 'firmware=uefi' in HVM-boot-params.
  • Example command to inspect VM configuration (replace <vm_name> with your VM):
  • xe vm-param-get uuid=$(xe vm-list name-label=<vm_name> --minimal) param-name=HVM-boot-params
  • Look for 'firmware=uefi' in the output to identify vulnerable VMs.

There are no known network detection commands or signatures for this vulnerability as it is related to internal VM configuration and code execution within varstored.

Mitigation Strategies

There are no available mitigations other than applying the provided patch to fix the vulnerability.

Immediate steps include:

  • Identify all x86 HVM guests configured as UEFI VMs (with firmware=uefi).
  • Apply the patch (xsa478.patch) provided by the Xen Project to the varstored component in the Xapi toolstack.
  • Restart or reload the affected services or VMs as required after patching.

Avoid running untrusted code with kernel-level access inside VMs until the patch is applied, as the vulnerability allows privilege escalation.

Compliance Impact

The provided information does not include any details on how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-58151. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart