Unrated severityNVD Advisory· Published Jan 28, 2026· Updated Jan 28, 2026

x86: buffer overrun with shadow paging + tracing

CVE-2025-58150

Description

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.

Affected products

Xen/Xenv5
Range: consult Xen advisory XSA-477

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

xenbits.xenproject.org/xsa/advisory-477.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000