PT-2025-54614 · Xen · Xen

Jan Beulich

Published

2025-01-01

Updated

2026-02-20

CVE-2025-58150

CVSS v3.1

8.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Xen versions prior to 4.18.5-r4

Description The issue involves shadow mode tracing code that utilizes per-CPU variables to streamline parameter passing. Certain variables are written to using guest-controlled data of a size determined by the guest. This size can exceed the variable's capacity, and the necessary bounds checking is absent. This can lead to memory corruption if a malicious guest exploits this flaw. The issue requires guest compromise to be exploited.

Recommendations Update to version 4.18.5-r4.

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

CVE-2025-58150

MGASA-2026-0026

OPENSUSE-SU-2026:10118-1

SUSE-SU-2026:0303-1

SUSE-SU-2026:0304-1

SUSE-SU-2026:0306-1

SUSE-SU-2026:0328-1

SUSE-SU-2026:0329-1

SUSE-SU-2026:0394-1

SUSE-SU-2026:0589-1

Affected Products

Xen

PT-2025-54614 · Xen · Xen

CVE-2025-58150

Weakness Enumeration

Related Identifiers

Affected Products

References · 54