CVE-2026-42488
Received Received - Intake
Shadow Paging Page-Table Corruption in Xen

Publication date: 2026-06-18

Last updated on: 2026-06-18

Assigner: Xen Project

Description
Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-06-18
Last Modified
2026-06-18
Generated
2026-06-19
AI Q&A
2026-06-18
EPSS Evaluated
N/A
NVD
CVE-2026-42488
EUVD
EUVD-2026-37891
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
xen xen From 4.15 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-119 The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability, identified as CVE-2026-42488 or XSA-494, occurs in Xen on x86 systems where shadow paging errors cause the page-tables to switch without updating the currently running vCPU reference.

This mismatch between the loaded page-tables and the mapcache metadata can lead to corruption of the mapcache.

The issue specifically affects 64-bit PV guests running in shadow mode, which can happen during guest migration or as a workaround for a previous vulnerability (XSA-273).

Impact Analysis

The vulnerability can lead to several serious impacts including privilege escalation, denial of service (DoS) affecting the entire host, and information leaks.

Privilege escalation means an attacker could gain higher access rights than intended.

Denial of service could disrupt the availability of the host system.

Information leaks could expose sensitive data.

Mitigation Strategies

To mitigate CVE-2026-42488, you should apply the available patches for your Xen version that address the mapcache metadata mismatch issue.

Additional mitigation strategies include running only HVM or PVH guests, or running PV guests in the PV shim, as the vulnerability can only be exploited by 64-bit PV guests running in shadow mode.

Compliance Impact

The provided information does not specify how CVE-2026-42488 affects compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-42488. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart