Back to overview

CVE-2025-58151

CRITICAL
9.4
CVSS 4.0
Description
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The exact vulnerable behaviour depends on the code generated by the compiler. In a build of varstored using default settings, the attacker can control an index used in a jump table.

Metadata

CVE ID
CVE-2025-58151
State
PUBLISHED
Assigner
XEN
Reserved
2025-08-26 06:48 UTC
Published
2026-07-09 14:45 UTC
Last updated
2026-07-09 15:41 UTC
Primary CWE
CWE-367
CWE-367 Time-of-check time-of-use (TOCTOU) race condition
Vendor / Product
Xen / varstored
Sources
cve.org  ·  NVD

Severity & Metrics

9.4 CRITICAL CVSS 4.0
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
SSVC — CISA Coordinator
Exploitation
none
Automatable
no
Tech. Impact
total
Affected products (1)
VendorProductPlatformVersions
Xen varstored Linux all
Weakness (CWE)
CWESourceDescription
CWE-367 cna CWE-367 Time-of-check time-of-use (TOCTOU) race condition
CVSS scores (1)
ScoreSeverityVersionSourceVector
9.4 CRITICAL 4.0 cna CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Back to overview