ALPINE-CVE-2025-58150

See a problem?
Please try reporting it to the source first.

Source

https://security.alpinelinux.org/vuln/CVE-2025-58150

Import Source

https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-58150.json

JSON Data

https://api.osv.dev/v1/vulns/ALPINE-CVE-2025-58150

Upstream

CVE-2025-58150

Published

2026-01-28T16:16:12.880Z

Modified

2026-01-29T11:18:08.472751Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding of the writes was missing.

References

https://security.alpinelinux.org/vuln/CVE-2025-58150

Affected packages

Alpine:v3.20 / xen

Package

Name: xen
Purl: pkg:apk/alpine/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.18.5-r4

Affected versions

4.*

4.0.1-r0

4.0.1-r1

4.0.1-r2

4.0.1-r3

4.1.0-r0

4.1.0-r1

4.1.0-r2

4.1.1-r0

4.1.1-r1

4.1.1-r2

4.1.2-r3

4.1.2-r4

4.1.2-r5

4.1.2-r6

4.1.2-r7

4.1.2-r8

4.1.2-r9

4.1.2-r10

4.1.2-r11

4.1.2-r12

4.1.3-r0

4.2.0-r0

4.2.0-r1

4.2.0-r2

4.2.0-r3

4.2.0-r4

4.2.0-r5

4.2.0-r6

4.2.0-r7

4.2.1-r0

4.2.1-r1

4.2.1-r2

4.2.1-r3

4.2.1-r4

4.2.1-r5

4.2.1-r6

4.2.1-r7

4.2.1-r8

4.2.1-r9

4.2.1-r10

4.2.1-r11

4.2.2-r0

4.2.2-r2

4.2.2-r3

4.2.2-r4

4.2.2-r5

4.2.2-r6

4.2.2-r7

4.2.2-r8

4.2.2-r9

4.2.2-r10

4.2.2-r11

4.3.0-r0

4.3.0-r1

4.3.0-r2

4.3.0-r3

4.3.0-r4

4.3.0-r5

4.3.0-r6

4.3.0-r7

4.3.0-r8

4.3.1-r0

4.3.1-r1

4.3.1-r2

4.3.1-r3

4.3.2-r0

4.3.2-r1

4.3.2-r2

4.3.2-r3

4.3.2-r4

4.3.3-r0

4.4.1-r0

4.4.1-r1

4.4.1-r2

4.4.1-r3

4.4.1-r4

4.4.1-r5

4.4.1-r6

4.4.1-r7

4.4.1-r8

4.4.2-r0

4.4.2-r1

4.5.0-r0

4.5.0-r1

4.5.1-r0

4.5.1-r1

4.5.1-r2

4.5.1-r3

4.6.0-r0

4.6.0-r1

4.6.0-r2

4.6.0-r3

4.6.0-r4

4.6.0-r5

4.6.1-r0

4.6.1-r1

4.6.1-r2

4.6.3-r0

4.6.3-r1

4.7.0-r0

4.7.0-r1

4.7.0-r2

4.7.0-r3

4.7.0-r4

4.7.0-r5

4.7.1-r0

4.7.1-r1

4.7.1-r2

4.7.1-r3

4.7.1-r4

4.7.1-r5

4.7.2-r0

4.8.1-r0

4.8.1-r1

4.8.1-r2

4.8.1-r3

4.8.1-r4

4.9.0-r0

4.9.0-r1

4.9.0-r2

4.9.0-r3

4.9.0-r4

4.9.0-r5

4.9.0-r6

4.9.0-r7

4.9.0-r8

4.9.1-r0

4.9.1-r1

4.9.1-r2

4.9.1-r3

4.10.0-r0

4.10.0-r1

4.10.0-r2

4.10.0-r3

4.10.1-r0

4.10.1-r1

4.10.1-r2

4.11.0-r0

4.11.0-r1

4.11.1-r0

4.11.1-r1

4.12.0-r0

4.12.0-r1

4.12.0-r2

4.12.0-r3

4.12.1-r0

4.12.1-r1

4.12.1-r2

4.13.0-r0

4.13.0-r1

4.13.0-r2

4.13.0-r3

4.13.0-r4

4.13.1-r0

4.13.1-r1

4.13.1-r2

4.13.1-r3

4.13.1-r4

4.13.1-r5

4.14.0-r0

4.14.0-r1

4.14.0-r2

4.14.0-r3

4.14.1-r0

4.14.1-r1

4.14.1-r2

4.14.1-r3

4.14.1-r4

4.14.1-r5

4.15.0-r0

4.15.0-r1

4.15.0-r2

4.15.0-r3

4.15.0-r4

4.15.0-r5

4.15.1-r0

4.15.1-r1

4.15.1-r2

4.15.1-r3

4.16.0-r0

4.16.0-r1

4.16.1-r0

4.16.1-r1

4.16.1-r2

4.16.1-r3

4.16.1-r4

4.16.1-r5

4.16.1-r6

4.16.1-r7

4.16.2-r0

4.16.2-r1

4.16.2-r2

4.16.2-r3

4.17.0-r0

4.17.0-r1

4.17.0-r2

4.17.0-r3

4.17.0-r4

4.17.0-r5

4.17.1-r0

4.17.1-r1

4.17.1-r2

4.17.1-r3

4.17.1-r4

4.17.1-r5

4.17.2-r0

4.17.2-r1

4.17.2-r2

4.17.2-r3

4.17.2-r4

4.18.0-r0

4.18.0-r1

4.18.0-r2

4.18.0-r3

4.18.0-r4

4.18.0-r5

4.18.2-r0

4.18.2-r1

4.18.3-r0

4.18.3-r1

4.18.3-r2

4.18.4-r0

4.18.4-r1

4.18.5-r0

4.18.5-r1

4.18.5-r2

4.18.5-r3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-58150.json"

Alpine:v3.21 / xen

Package

Name: xen
Purl: pkg:apk/alpine/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.19.4-r1

Affected versions

4.*

4.0.1-r0

4.0.1-r1

4.0.1-r2

4.0.1-r3

4.1.0-r0

4.1.0-r1

4.1.0-r2

4.1.1-r0

4.1.1-r1

4.1.1-r2

4.1.2-r3

4.1.2-r4

4.1.2-r5

4.1.2-r6

4.1.2-r7

4.1.2-r8

4.1.2-r9

4.1.2-r10

4.1.2-r11

4.1.2-r12

4.1.3-r0

4.2.0-r0

4.2.0-r1

4.2.0-r2

4.2.0-r3

4.2.0-r4

4.2.0-r5

4.2.0-r6

4.2.0-r7

4.2.1-r0

4.2.1-r1

4.2.1-r2

4.2.1-r3

4.2.1-r4

4.2.1-r5

4.2.1-r6

4.2.1-r7

4.2.1-r8

4.2.1-r9

4.2.1-r10

4.2.1-r11

4.2.2-r0

4.2.2-r2

4.2.2-r3

4.2.2-r4

4.2.2-r5

4.2.2-r6

4.2.2-r7

4.2.2-r8

4.2.2-r9

4.2.2-r10

4.2.2-r11

4.3.0-r0

4.3.0-r1

4.3.0-r2

4.3.0-r3

4.3.0-r4

4.3.0-r5

4.3.0-r6

4.3.0-r7

4.3.0-r8

4.3.1-r0

4.3.1-r1

4.3.1-r2

4.3.1-r3

4.3.2-r0

4.3.2-r1

4.3.2-r2

4.3.2-r3

4.3.2-r4

4.3.3-r0

4.4.1-r0

4.4.1-r1

4.4.1-r2

4.4.1-r3

4.4.1-r4

4.4.1-r5

4.4.1-r6

4.4.1-r7

4.4.1-r8

4.4.2-r0

4.4.2-r1

4.5.0-r0

4.5.0-r1

4.5.1-r0

4.5.1-r1

4.5.1-r2

4.5.1-r3

4.6.0-r0

4.6.0-r1

4.6.0-r2

4.6.0-r3

4.6.0-r4

4.6.0-r5

4.6.1-r0

4.6.1-r1

4.6.1-r2

4.6.3-r0

4.6.3-r1

4.7.0-r0

4.7.0-r1

4.7.0-r2

4.7.0-r3

4.7.0-r4

4.7.0-r5

4.7.1-r0

4.7.1-r1

4.7.1-r2

4.7.1-r3

4.7.1-r4

4.7.1-r5

4.7.2-r0

4.8.1-r0

4.8.1-r1

4.8.1-r2

4.8.1-r3

4.8.1-r4

4.9.0-r0

4.9.0-r1

4.9.0-r2

4.9.0-r3

4.9.0-r4

4.9.0-r5

4.9.0-r6

4.9.0-r7

4.9.0-r8

4.9.1-r0

4.9.1-r1

4.9.1-r2

4.9.1-r3

4.10.0-r0

4.10.0-r1

4.10.0-r2

4.10.0-r3

4.10.1-r0

4.10.1-r1

4.10.1-r2

4.11.0-r0

4.11.0-r1

4.11.1-r0

4.11.1-r1

4.12.0-r0

4.12.0-r1

4.12.0-r2

4.12.0-r3

4.12.1-r0

4.12.1-r1

4.12.1-r2

4.13.0-r0

4.13.0-r1

4.13.0-r2

4.13.0-r3

4.13.0-r4

4.13.1-r0

4.13.1-r1

4.13.1-r2

4.13.1-r3

4.13.1-r4

4.13.1-r5

4.14.0-r0

4.14.0-r1

4.14.0-r2

4.14.0-r3

4.14.1-r0

4.14.1-r1

4.14.1-r2

4.14.1-r3

4.14.1-r4

4.14.1-r5

4.15.0-r0

4.15.0-r1

4.15.0-r2

4.15.0-r3

4.15.0-r4

4.15.0-r5

4.15.1-r0

4.15.1-r1

4.15.1-r2

4.15.1-r3

4.16.0-r0

4.16.0-r1

4.16.1-r0

4.16.1-r1

4.16.1-r2

4.16.1-r3

4.16.1-r4

4.16.1-r5

4.16.1-r6

4.16.1-r7

4.16.2-r0

4.16.2-r1

4.16.2-r2

4.16.2-r3

4.17.0-r0

4.17.0-r1

4.17.0-r2

4.17.0-r3

4.17.0-r4

4.17.0-r5

4.17.1-r0

4.17.1-r1

4.17.1-r2

4.17.1-r3

4.17.1-r4

4.17.1-r5

4.17.2-r0

4.17.2-r1

4.17.2-r2

4.17.2-r3

4.17.2-r4

4.18.0-r0

4.18.0-r1

4.18.0-r2

4.18.0-r3

4.18.0-r4

4.18.0-r5

4.18.2-r0

4.18.2-r1

4.18.2-r2

4.19.0-r0

4.19.0-r1

4.19.1-r0

4.19.2-r0

4.19.2-r1

4.19.2-r2

4.19.3-r0

4.19.3-r1

4.19.3-r2

4.19.4-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-58150.json"

Alpine:v3.22 / xen

Package

Name: xen
Purl: pkg:apk/alpine/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.20.2-r1

Affected versions

4.*

4.0.1-r0

4.0.1-r1

4.0.1-r2

4.0.1-r3

4.1.0-r0

4.1.0-r1

4.1.0-r2

4.1.1-r0

4.1.1-r1

4.1.1-r2

4.1.2-r3

4.1.2-r4

4.1.2-r5

4.1.2-r6

4.1.2-r7

4.1.2-r8

4.1.2-r9

4.1.2-r10

4.1.2-r11

4.1.2-r12

4.1.3-r0

4.2.0-r0

4.2.0-r1

4.2.0-r2

4.2.0-r3

4.2.0-r4

4.2.0-r5

4.2.0-r6

4.2.0-r7

4.2.1-r0

4.2.1-r1

4.2.1-r2

4.2.1-r3

4.2.1-r4

4.2.1-r5

4.2.1-r6

4.2.1-r7

4.2.1-r8

4.2.1-r9

4.2.1-r10

4.2.1-r11

4.2.2-r0

4.2.2-r2

4.2.2-r3

4.2.2-r4

4.2.2-r5

4.2.2-r6

4.2.2-r7

4.2.2-r8

4.2.2-r9

4.2.2-r10

4.2.2-r11

4.3.0-r0

4.3.0-r1

4.3.0-r2

4.3.0-r3

4.3.0-r4

4.3.0-r5

4.3.0-r6

4.3.0-r7

4.3.0-r8

4.3.1-r0

4.3.1-r1

4.3.1-r2

4.3.1-r3

4.3.2-r0

4.3.2-r1

4.3.2-r2

4.3.2-r3

4.3.2-r4

4.3.3-r0

4.4.1-r0

4.4.1-r1

4.4.1-r2

4.4.1-r3

4.4.1-r4

4.4.1-r5

4.4.1-r6

4.4.1-r7

4.4.1-r8

4.4.2-r0

4.4.2-r1

4.5.0-r0

4.5.0-r1

4.5.1-r0

4.5.1-r1

4.5.1-r2

4.5.1-r3

4.6.0-r0

4.6.0-r1

4.6.0-r2

4.6.0-r3

4.6.0-r4

4.6.0-r5

4.6.1-r0

4.6.1-r1

4.6.1-r2

4.6.3-r0

4.6.3-r1

4.7.0-r0

4.7.0-r1

4.7.0-r2

4.7.0-r3

4.7.0-r4

4.7.0-r5

4.7.1-r0

4.7.1-r1

4.7.1-r2

4.7.1-r3

4.7.1-r4

4.7.1-r5

4.7.2-r0

4.8.1-r0

4.8.1-r1

4.8.1-r2

4.8.1-r3

4.8.1-r4

4.9.0-r0

4.9.0-r1

4.9.0-r2

4.9.0-r3

4.9.0-r4

4.9.0-r5

4.9.0-r6

4.9.0-r7

4.9.0-r8

4.9.1-r0

4.9.1-r1

4.9.1-r2

4.9.1-r3

4.10.0-r0

4.10.0-r1

4.10.0-r2

4.10.0-r3

4.10.1-r0

4.10.1-r1

4.10.1-r2

4.11.0-r0

4.11.0-r1

4.11.1-r0

4.11.1-r1

4.12.0-r0

4.12.0-r1

4.12.0-r2

4.12.0-r3

4.12.1-r0

4.12.1-r1

4.12.1-r2

4.13.0-r0

4.13.0-r1

4.13.0-r2

4.13.0-r3

4.13.0-r4

4.13.1-r0

4.13.1-r1

4.13.1-r2

4.13.1-r3

4.13.1-r4

4.13.1-r5

4.14.0-r0

4.14.0-r1

4.14.0-r2

4.14.0-r3

4.14.1-r0

4.14.1-r1

4.14.1-r2

4.14.1-r3

4.14.1-r4

4.14.1-r5

4.15.0-r0

4.15.0-r1

4.15.0-r2

4.15.0-r3

4.15.0-r4

4.15.0-r5

4.15.1-r0

4.15.1-r1

4.15.1-r2

4.15.1-r3

4.16.0-r0

4.16.0-r1

4.16.1-r0

4.16.1-r1

4.16.1-r2

4.16.1-r3

4.16.1-r4

4.16.1-r5

4.16.1-r6

4.16.1-r7

4.16.2-r0

4.16.2-r1

4.16.2-r2

4.16.2-r3

4.17.0-r0

4.17.0-r1

4.17.0-r2

4.17.0-r3

4.17.0-r4

4.17.0-r5

4.17.1-r0

4.17.1-r1

4.17.1-r2

4.17.1-r3

4.17.1-r4

4.17.1-r5

4.17.2-r0

4.17.2-r1

4.17.2-r2

4.17.2-r3

4.17.2-r4

4.18.0-r0

4.18.0-r1

4.18.0-r2

4.18.0-r3

4.18.0-r4

4.18.0-r5

4.18.2-r0

4.18.2-r1

4.18.2-r2

4.19.0-r0

4.19.0-r1

4.19.1-r0

4.19.1-r1

4.19.2-r0

4.20.0-r0

4.20.0-r1

4.20.1-r0

4.20.1-r1

4.20.1-r2

4.20.2-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-58150.json"

Alpine:v3.23 / xen

Package

Name: xen
Purl: pkg:apk/alpine/xen?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.20.2-r1

Affected versions

4.*

4.0.1-r0

4.0.1-r1

4.0.1-r2

4.0.1-r3

4.1.0-r0

4.1.0-r1

4.1.0-r2

4.1.1-r0

4.1.1-r1

4.1.1-r2

4.1.2-r3

4.1.2-r4

4.1.2-r5

4.1.2-r6

4.1.2-r7

4.1.2-r8

4.1.2-r9

4.1.2-r10

4.1.2-r11

4.1.2-r12

4.1.3-r0

4.2.0-r0

4.2.0-r1

4.2.0-r2

4.2.0-r3

4.2.0-r4

4.2.0-r5

4.2.0-r6

4.2.0-r7

4.2.1-r0

4.2.1-r1

4.2.1-r2

4.2.1-r3

4.2.1-r4

4.2.1-r5

4.2.1-r6

4.2.1-r7

4.2.1-r8

4.2.1-r9

4.2.1-r10

4.2.1-r11

4.2.2-r0

4.2.2-r2

4.2.2-r3

4.2.2-r4

4.2.2-r5

4.2.2-r6

4.2.2-r7

4.2.2-r8

4.2.2-r9

4.2.2-r10

4.2.2-r11

4.3.0-r0

4.3.0-r1

4.3.0-r2

4.3.0-r3

4.3.0-r4

4.3.0-r5

4.3.0-r6

4.3.0-r7

4.3.0-r8

4.3.1-r0

4.3.1-r1

4.3.1-r2

4.3.1-r3

4.3.2-r0

4.3.2-r1

4.3.2-r2

4.3.2-r3

4.3.2-r4

4.3.3-r0

4.4.1-r0

4.4.1-r1

4.4.1-r2

4.4.1-r3

4.4.1-r4

4.4.1-r5

4.4.1-r6

4.4.1-r7

4.4.1-r8

4.4.2-r0

4.4.2-r1

4.5.0-r0

4.5.0-r1

4.5.1-r0

4.5.1-r1

4.5.1-r2

4.5.1-r3

4.6.0-r0

4.6.0-r1

4.6.0-r2

4.6.0-r3

4.6.0-r4

4.6.0-r5

4.6.1-r0

4.6.1-r1

4.6.1-r2

4.6.3-r0

4.6.3-r1

4.7.0-r0

4.7.0-r1

4.7.0-r2

4.7.0-r3

4.7.0-r4

4.7.0-r5

4.7.1-r0

4.7.1-r1

4.7.1-r2

4.7.1-r3

4.7.1-r4

4.7.1-r5

4.7.2-r0

4.8.1-r0

4.8.1-r1

4.8.1-r2

4.8.1-r3

4.8.1-r4

4.9.0-r0

4.9.0-r1

4.9.0-r2

4.9.0-r3

4.9.0-r4

4.9.0-r5

4.9.0-r6

4.9.0-r7

4.9.0-r8

4.9.1-r0

4.9.1-r1

4.9.1-r2

4.9.1-r3

4.10.0-r0

4.10.0-r1

4.10.0-r2

4.10.0-r3

4.10.1-r0

4.10.1-r1

4.10.1-r2

4.11.0-r0

4.11.0-r1

4.11.1-r0

4.11.1-r1

4.12.0-r0

4.12.0-r1

4.12.0-r2

4.12.0-r3

4.12.1-r0

4.12.1-r1

4.12.1-r2

4.13.0-r0

4.13.0-r1

4.13.0-r2

4.13.0-r3

4.13.0-r4

4.13.1-r0

4.13.1-r1

4.13.1-r2

4.13.1-r3

4.13.1-r4

4.13.1-r5

4.14.0-r0

4.14.0-r1

4.14.0-r2

4.14.0-r3

4.14.1-r0

4.14.1-r1

4.14.1-r2

4.14.1-r3

4.14.1-r4

4.14.1-r5

4.15.0-r0

4.15.0-r1

4.15.0-r2

4.15.0-r3

4.15.0-r4

4.15.0-r5

4.15.1-r0

4.15.1-r1

4.15.1-r2

4.15.1-r3

4.16.0-r0

4.16.0-r1

4.16.1-r0

4.16.1-r1

4.16.1-r2

4.16.1-r3

4.16.1-r4

4.16.1-r5

4.16.1-r6

4.16.1-r7

4.16.2-r0

4.16.2-r1

4.16.2-r2

4.16.2-r3

4.17.0-r0

4.17.0-r1

4.17.0-r2

4.17.0-r3

4.17.0-r4

4.17.0-r5

4.17.1-r0

4.17.1-r1

4.17.1-r2

4.17.1-r3

4.17.1-r4

4.17.1-r5

4.17.2-r0

4.17.2-r1

4.17.2-r2

4.17.2-r3

4.17.2-r4

4.18.0-r0

4.18.0-r1

4.18.0-r2

4.18.0-r3

4.18.0-r4

4.18.0-r5

4.18.2-r0

4.18.2-r1

4.18.2-r2

4.19.0-r0

4.19.0-r1

4.19.1-r0

4.19.1-r1

4.19.2-r0

4.20.0-r0

4.20.0-r1

4.20.0-r2

4.20.1-r0

4.20.1-r1

4.20.1-r2

4.20.2-r0

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2025-58150.json"