| Name | CVE-2025-58150 |
| Description | Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing. |
| Source | CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
Vulnerable and fixed packages
The table below lists information on source packages.
| Source Package | Release | Version | Status |
|---|
| xen (PTS) | bullseye | 4.14.6-1 | vulnerable |
| bullseye (security) | 4.14.5+94-ge49571868d-1 | vulnerable |
| bookworm, bookworm (security) | 4.17.5+72-g01140da4e8-1 | vulnerable |
| trixie (security), trixie | 4.20.2+7-g1badcf5035-0+deb13u1 | vulnerable |
| forky, sid | 4.20.2+7-g1badcf5035-2 | vulnerable |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|
| xen | source | bullseye | (unfixed) | end-of-life | | |
| xen | source | (unstable) | (unfixed) | | | |
Notes
[trixie] - xen <postponed> (Minor issue, fix along with next Xen update)
[bookworm] - xen <postponed> (Minor issue, fix along with next Xen update)
[bullseye] - xen <end-of-life> (EOLed in Bullseye)
https://xenbits.xen.org/xsa/advisory-477.html