7.9
CVE-2026-42487
- EPSS 0.1%
- Veröffentlicht 18.06.2026 13:46:53
- Zuletzt bearbeitet 22.06.2026 18:38:02
- Quelle security@xen.org
- CVE-Watchlists
- Unerledigt
x86 HVM I/O port list traversal
HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model (via XEN_DOMCTL_ioport_mapping), and hence the linked list used may changed at any time. Traversal of those lists (while handling guest I/O port accesses) therefore needs synchronizing with updates, which was missing so far.
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerXen
≫
Produkt
Xen
Default Statusunknown
Version
consult Xen advisory XSA-491
Status
unknown
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.1% | 0.008 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.9 | 2 | 5.3 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
|
CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
https://xenbits.xenproject.org/xsa/advisory-491.html
http://www.openwall.com/lists/oss-security/2026/06/09/11
http://xenbits.xen.org/xsa/advisory-491.html