View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2025-58150 end-of-life priority: Debian including 1 source packages (xen), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 3, open 2.
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.