Vulnerability in Xen Varstored
CVE-2025-58151
varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers…
Vulnerability class: TOCTOU (Time-of-Check to Time-of-Use)
Affected products
- Xen Varstored — versions all