Is Intel affected by CVE-2026-23554?

Organizations using Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock face notable risk from CVE-2026-23554 rated CVSS 7.8. Exploitation could compromise the security of affected deployments.

CVE-2026-23554

EUVD-2026-14382 HIGH

2026-03-23 XEN

GHSA-h6vw-38xq-3xwx

7.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Patch Released

Mar 31, 2026 - 21:13 nvd

Patch available

EUVD ID Assigned

Mar 23, 2026 - 07:15 euvd

EUVD-2026-14382

Analysis Generated

Mar 23, 2026 - 07:15 vuln.today

CVE Published

Mar 23, 2026 - 06:56 nvd

HIGH 7.8

Description

The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures however is not deferred until the flushing is done, and can result in freed pages transiently being present in cached state. Such stale entries can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions.

Analysis

This vulnerability in Intel EPT (Extended Page Tables) paging code within Xen allows information disclosure through a use-after-free condition in cached EPT state management. When paging structures are freed before cached EPT state is flushed, stale entries can persist in the EPT cache pointing to memory ranges outside the guest's intended ownership, enabling unauthorized memory access. …

Remediation

Within 7 days: Identify all affected systems and apply vendor patches promptly. Monitor vendor channels for patch availability.

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.0

CVSS: +39

POC: 0

Vendor Status

Ubuntu

Priority: Medium

xen

Release	Status	Version
xenial	needs-triage	-
bionic	needs-triage	-
focal	needs-triage	-
jammy	needs-triage	-
noble	needs-triage	-
questing	needs-triage	-
upstream	needs-triage	-

Debian

xen

Release	Status	Fixed Version	Urgency
bullseye	not-affected	-	-
bullseye (security)	fixed	4.14.5+94-ge49571868d-1	-
bookworm, bookworm (security)	vulnerable	4.17.5+72-g01140da4e8-1	-
trixie	vulnerable	4.20.2+37-g61ff35323e-0+deb13u1	-
trixie (security)	vulnerable	4.20.2+7-g1badcf5035-0+deb13u1	-
forky, sid	vulnerable	4.20.2+37-g61ff35323e-1	-
(unstable)	fixed	(unfixed)	-

CVE-2026-23554 vulnerability details – vuln.today

Back

CVE-2026-23554

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Analysis

Full analysis requires sign-in

Priority Score

Vendor Status

Ubuntu

Debian

Share

CVE-2026-23554

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Remediation

Full analysis requires sign-in

Priority Score

Vendor Status

Ubuntu

Debian

Share

External POC / Exploit Code