Vulnerability in Xen Varstored

CVE-2025-58151

varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers…

Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)

Affected products

Weakness classification (CWE)

References