CVE-2026-42488
- EPSS 0.35%
- Veröffentlicht 18.06.2026 13:47:23
- Zuletzt bearbeitet 22.06.2026 18:38:02
Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache.
CVE-2026-42489
- EPSS 0.08%
- Veröffentlicht 18.06.2026 13:47:13
- Zuletzt bearbeitet 22.06.2026 18:38:02
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domai...
CVE-2026-42490
- EPSS 0.2%
- Veröffentlicht 18.06.2026 13:47:13
- Zuletzt bearbeitet 22.06.2026 18:38:02
[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domai...
CVE-2026-42487
- EPSS 0.1%
- Veröffentlicht 18.06.2026 13:46:53
- Zuletzt bearbeitet 22.06.2026 18:38:02
HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model (via XEN_DOMCTL_ioport_mapping), and hence the linked list used may changed at any time. Traversal of those lists (whi...
CVE-2026-23558
- EPSS 0.12%
- Veröffentlicht 19.05.2026 12:49:54
- Zuletzt bearbeitet 19.05.2026 18:55:19
The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status page(s) via XENMEM_add_to_physmap. ...
CVE-2026-23557
- EPSS 0.16%
- Veröffentlicht 19.05.2026 12:49:42
- Zuletzt bearbeitet 19.05.2026 18:56:35
Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing nothing in this case. Not...
CVE-2026-23555
- EPSS 0.18%
- Veröffentlicht 23.03.2026 06:57:07
- Zuletzt bearbeitet 10.04.2026 20:38:17
Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing asse...
CVE-2026-23554
- EPSS 0.13%
- Veröffentlicht 23.03.2026 06:56:52
- Zuletzt bearbeitet 10.04.2026 20:40:33
The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures however ...
CVE-2026-23553
- EPSS 0.13%
- Veröffentlicht 28.01.2026 15:33:44
- Zuletzt bearbeitet 09.02.2026 18:46:17
In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the previous vCPU to run. While safe for Xen's isolation between vCPUs, this prevents the guest kernel correctly isolating between tasks...
CVE-2025-58150
- EPSS 0.13%
- Veröffentlicht 28.01.2026 15:33:17
- Zuletzt bearbeitet 09.02.2026 19:13:28
Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables are written to with guest controlled data, of guest controllable size. That size can be larger than the variable, and bounding o...