CVE-2025-58151
9.4
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF.
Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer.
The exact vulnerable behaviour depends on the code generated by the compiler. In a build of varstored using default settings, the attacker can control an index used in a jump table.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Xen | varstored | all | affected |
Weaknesses
- CWE-367: CWE-367 Time-of-check time-of-use (TOCTOU) race condition
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.