debian · CVE-2025-58150

Quick triage

Priority: end-of-life Published: Updated: Sun, 12 Jul 2026 00:15:04 GMT

View at Official debian advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2025-58150 end-of-life priority: Debian including 1 source packages (xen), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 3, open 2.

Description:

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.

cvelogic Threat Intelligence