CVEFinder.io

CVE-2025-58150

⚠ī¸ high
🔍 Scan for this CVE
Summary

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.

CVSS Score
8.8
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-01-28
First Seen: 2026-01-29
📊 Relative Risk Intelligence

This CVE is High Risk - more severe than 81.1% of all 321,566 vulnerabilities in our database.

#60,805
Top 25% most severe
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: Jan 28, 2026
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Total
Complete system compromise possible
🏆 Discovered By
This issue was discovered by Jan Beulich of SUSE.
SSVC data provided by CISA
Last Modified 2026-02-09
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-787

đŸ“Ļ Affected Products 1

Vendor Product Status Affected Versions
xen xen Affected
v-

🔗 References 3

https://xenbits.xenproject.org/xsa/advisory-477.html
Mitigation Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/01/27/1
Mailing List Mitigation Patch Third Party Advisory
http://xenbits.xen.org/xsa/advisory-477.html
Mailing List Patch Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-23557 đŸ”ļ medium 6.5 - Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() tri... 2026-05-19
CVE-2026-23558 ⚠ī¸ high 7.8 - The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or ... 2026-05-19
CVE-2026-23554 ⚠ī¸ high 7.8 0.0 The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, ... 2026-03-23
CVE-2026-23555 ⚠ī¸ high 7.1 0.0 Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstor... 2026-03-23
CVE-2026-23553 ℹī¸ low 2.9 0.0 In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the pr... 2026-01-28
CVE-2025-58147 ⚠ī¸ high 7.5 0.0 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to whi... 2025-10-31
These CVEs affect the same products