CVE-2025-58150

x86: buffer overrun with shadow paging + tracing

CVSS 8.8 HIGHEPSS 0.1%CWE-787

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 8.8EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

28 Jan 2026Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Xen · Xen

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://xenbits.xenproject.org/xsa/advisory-477.html http://www.openwall.com/lists/oss-security/2026/01/27/1 http://xenbits.xen.org/xsa/advisory-477.html