CVE-2025-58150
8.8
HIGH
CVSS 3.1
EPSS 0.02%
Description
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.
How to fix CVE-2025-58150
To remediate CVE-2025-58150, upgrade the affected package to a fixed version below.
- Alpine/xen—upgrade to 4.18.5-r4 or later
- —no fix listed
Is CVE-2025-58150 being exploited?
Low — EPSS is 0.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.18.5-r4
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |