CVE-2025-58151
CRITICALvarstored: TOCTOU issues with mapped guest memory
Title source: cnaDescription
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The exact vulnerable behaviour depends on the code generated by the compiler. In a build of varstored using default settings, the attacker can control an index used in a jump table.
References (3)
Core 3
Core References
Various Sources
http://xenbits.xen.org/xsa/advisory-478.html
Scores
CVSS v4
9.4
EPSS
0.0012
EPSS Percentile
2.1%
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
total
Details
CWE
CWE-367
Status
published
Products (1)
Xen/varstored
all
Published
Jul 09, 2026
Tracked Since
Jul 09, 2026