CVE-2026-42487
HIGH EPSS 0.8%
Published Jun 18, 2026 (2w ago) · Modified Jun 22, 2026 (1w ago)
7.9 CVSS 3.1
Description
HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model (via XEN_DOMCTL_ioport_mapping), and hence the linked list used may change at any time. Traversal of those lists (while handling guest I/O port accesses) therefore needs synchronizing with updates, which was missing so far.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Attack Vector Local
Attack Complexity Low
Privileges Required Low
User Interaction None
Scope Changed
Confidentiality Low
Integrity Low
Availability High
Threat Intelligence
EPSS Exploit Probability
0.8% percentile
Exploit & Patch Status
No Known Exploit
No Patch Available
Weaknesses 1
CWE-362
References 3
- openwall.com http://www.openwall.com/lists/oss-security/2026/06/09/11
- xenbits.xen.org http://xenbits.xen.org/xsa/advisory-491.html
- xenbits.xenproject.org https://xenbits.xenproject.org/xsa/advisory-491.html
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.