anonhaven
Ad

CVE-2025-58147

HIGH CVSS 3.1: 7.5 EPSS 0.03%
Updated Jan 14, 2026
Xen
Parameter Value
CVSS 7.5 (HIGH)
Affected Versions from 4.15.0
Type CWE-125 (Out-of-bounds Read)
Vendor Xen
Public PoC No

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Some Viridian hypercalls can specify a mask of vCPU IDs as an input, in one of three formats. Xen has boundary checking bugs with all three formats, which can cause out-of-bounds reads and writes while processing the inputs. * CVE-2025-58147. Hypercalls using the HV_VP_SET Sparse format can cause vpmask_set() to write out of bounds when converting the bitmap to Xen's format. * CVE-2025-58148.

Hypercalls using any input format can cause send_ipi() to read d->vcpu[] out-of-bounds, and operate on a wild vCPU pointer.

Attack Parameters

Attack Vector
Network
Can be exploited remotely
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
High
Complete data leak
Integrity
None
No data modification
Availability
None
No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-125 Out-of-bounds Read

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Xen Xen
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
 4.15.0

References 3

https://xenbits.xenproject.org/xsa/advisory-475.html
security@xen.org
http://www.openwall.com/lists/oss-security/2025/10/21/1
af854a3a-2127-422b-91ae-364da2661108
http://xenbits.xen.org/xsa/advisory-475.html
af854a3a-2127-422b-91ae-364da2661108
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-23555

Xen

7.1

CVE-2026-23554

Intel

7.8

CVE-2025-58149

Xen

7.5

CVE-2025-58148

Xen

7.5

CVE-2024-31144

Xen

3.8