CNNVD-202601-4705 Information
CNNVD ID
CNNVD-202601-4705
Related CVE
- CNNVD Published: 2026-01-28
Description (Chinese)
Xen是Xen开源的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。 Xen存在安全漏洞,该漏洞源于影子模式跟踪代码使用一组每CPU变量,其中一些变量可写入由客户机控制的数据,且写入大小可能超过变量本身,同时缺少写入边界检查。
Description (English)
Xen is an open-source virtual machine monitor product. The product enables different and incompatible operating systems to operate on the same computer and supports migration during operation to ensure proper operation and avoid loss of power. Xen has a security loophole, which stems from the use of shadow mode tracking codes using a set of variables per CPU, some of which can be written to data controlled by the client machine and may be larger than the variable itself, while there is a lack of writing to border checks.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Xen
Published
2026-01-28
Last Modified
2026-02-24
References
https://xenbits.xenproject.org/xsa/advisory-477.html http://www.openwall.com/lists/oss-security/2026/01/27/1 http://xenbits.xen.org/xsa/advisory-477.html https://access.redhat.com/security/cve/cve-2025-58150
Patch
https://xenbits.xenproject.org/xsa/xsa477.patch
Share on: