CVE-2025-58151
varstored: TOCTOU issues with mapped guest memory
CVSS Score
0.0
EPSS Score
0.0%
EPSS Percentile
0th
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the shared buffer. The exact vulnerable behaviour depends on the code generated by the compiler. In a build of varstored using default settings, the attacker can control an index used in a jump table.
| CWE | CWE-367 |
| Vendor | xen |
| Product | varstored |
| Published | Jul 9, 2026 |
| Last Updated | Jul 9, 2026 |
Stay Ahead of the Next One
Get instant alerts for xen varstored
Be the first to know when new unknown vulnerabilities affecting xen varstored are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
Xen / varstored
all
References
Credits
This issue was discovered by Teddy Astie of Vates.