
Xen XSA-477 (CVE-2025-58150): buffer overflow in shadow paging with tracing enabled

On 27 January 2026 the Xen Project published security advisory XSA-477, covering vulnerability CVE-2025-58150, rated high severity. The flaw sits in the hypervisor’s tracing code when Xen runs in shadow paging mode on the x86 architecture, and a guest can abuse it to corrupt the hypervisor’s own memory.

What the vulnerability is

Xen ships a tracing subsystem that records internal hypervisor events for debugging and performance analysis; tools such as xentrace or xenbaked consume the resulting trace buffers. When the hypervisor uses shadow paging (the software-based memory translation that is used when hardware-assisted paging, HAP, is not available) and tracing is enabled, the code that emits shadow-paging trace records writes guest-controlled data, of a guest-controlled size, into per-CPU variables without properly checking the bounds of the destination buffer.

That missing bounds check opens the door to a buffer overrun: the guest can cause more data to be written than the per-CPU buffer can hold, clobbering whatever hypervisor memory sits next to it.
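The fix reduces to the check the advisory says was missing: validating an untrusted record size against the remaining capacity of a fixed per-CPU buffer before anything is written. The following is an added illustration, not Xen's tracing code: the buffer layout, the 16-bit record header and all names are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
/* Toy per-CPU trace buffer (constructed; layout and names are not Xen's). */
#define TRACE_BUF_BYTES 64  /* small on purpose so the "buffer full" case is easy to reach */
#define TRACE_REC_HDR   4   /* 16-bit event id + 16-bit payload length */
struct trace_buf {
    uint32_t prod;                  /* producer offset into data[] */
    uint8_t  data[TRACE_BUF_BYTES];
    uint8_t  canary[8];             /* stands in for whatever hypervisor state follows the buffer */
};
enum { TRACE_OK = 0, TRACE_E2BIG = -1, TRACE_EFULL = -2 };

void trace_init(struct trace_buf *tb)
{
    memset(tb, 0, sizeof *tb);
    memset(tb->canary, 0xA5, sizeof tb->canary);
}

/* Emit one record. len is untrusted: the advisory says the size was effectively
 * guest-controlled, so it is validated against the destination before any write. */
int trace_emit(struct trace_buf *tb, uint16_t event, const void *payload, size_t len)
{
    if (len > TRACE_BUF_BYTES - TRACE_REC_HDR)   /* cannot fit even an empty buffer; no wrap below */
        return TRACE_E2BIG;
    size_t need = TRACE_REC_HDR + len;
    if (need > TRACE_BUF_BYTES - tb->prod)       /* the check the unfixed code lacked */
        return TRACE_EFULL;
    uint8_t *rec = &tb->data[tb->prod];
    rec[0] = event & 0xff; rec[1] = event >> 8;
    rec[2] = len & 0xff;   rec[3] = len >> 8;
    memcpy(rec + TRACE_REC_HDR, payload, len);
    tb->prod += (uint32_t)need;
    return TRACE_OK;
}

/* Self-test: 0 when oversize and over-full records are rejected and the bytes past
 * the buffer are untouched; otherwise the number of the step that failed. */
int trace_selftest(void)
{
    struct trace_buf tb; uint8_t p[61], ref[8];
    memset(p, 0x11, sizeof p); memset(ref, 0xA5, sizeof ref);
    trace_init(&tb);
    if (trace_emit(&tb, 1, p, 20) != TRACE_OK || tb.prod != 24) return 1;
    if (trace_emit(&tb, 2, p, 61) != TRACE_E2BIG) return 2;                  /* larger than any buffer */
    if (trace_emit(&tb, 3, p, 40) != TRACE_EFULL || tb.prod != 24) return 3; /* 44 > 40 bytes left */
    if (trace_emit(&tb, 4, p, 36) != TRACE_OK || tb.prod != 64) return 4;    /* exactly fills */
    return memcmp(tb.canary, ref, sizeof ref) == 0 ? 0 : 5;
}
```

The mitigations listed later in the article (HAP, tracing off) remove the write path entirely; the patch makes the remaining path refuse records that do not fit.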

Who is affected

The vulnerability only affects:

  • x86 systems (Arm platforms are not affected).
  • HVM guests running in shadow paging mode.
  • Configurations with tracing enabled (for example via the tbuf_size= parameter, or with xentrace/xenbaked running).

Systems that use HAP (hardware-assisted paging, the norm on modern CPUs) or that have tracing turned off are not exploitable through this path. The branches confirmed as affected are Xen 4.18.x and Xen 4.19.x.

Severity and impact

The impact depends on what sits in adjacent memory and on how the hypervisor was built, so the range is wide:

  • In the best case, bogus trace data.
  • In the worst case, privilege escalation, sensitive information disclosure or denial of service of the host.

A flaw in the hypervisor can break the isolation between virtual machines and the host itself, and that privilege-escalation scenario is what justifies the high severity rating.

Mitigation and patch

The Xen Project offers several remediation paths:

  • Apply the official patches: xsa477.patch for the 4.19.x branch and xsa477-4.18.patch for the 4.18.x branch. This is the definitive fix.
  • Temporary mitigations while the patch is being applied:
    • Use HAP mode instead of shadow paging where the hardware allows it.
    • Disable tracing entirely.
    • Stop the xentrace/xenbaked processes and do not restart them with the -x option.

If you run Xen-based virtualization infrastructure, review your configuration, check whether you combine shadow paging with tracing, and apply the patches or mitigations as soon as you can. Distributions that package Xen usually ship updates derived from these advisories, so keep an eye on the relevant security repositories.
