Skip to main content

Xen Hypervisor CVE-2026-42487

HIGH
2026-06-09
Denial Of Service Privilege Escalation Suse
Share

Severity by source

SUSE PRIMARY
7.8 HIGH
AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from SUSE · only source for this CVE.

Lifecycle Timeline

1
Analysis Generated
Jun 09, 2026 - 14:18 vuln.today

Description PRE-NVD

Disclosed via oss-security. NVD scoring and full description are pending.

AnalysisAI

Unsynchronized traversal of HVM I/O port translation linked lists in the Xen hypervisor on x86 systems exposes a race condition exploitable by a compromised or malicious device model. The hypervisor manages I/O port translations via a linked list modified by the device model through XEN_DOMCTL_ioport_mapping; because traversal of that list during I/O port handling was never synchronized against concurrent modifications, a racing update can corrupt traversal state. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Compromise or operate HVM device model
Delivery
Issue concurrent XEN_DOMCTL_ioport_mapping updates
Exploit
Race hypervisor I/O port list traversal
Execution
Trigger use-after-free or corrupt pointer dereference
Persist
Crash hypervisor kernel
Impact
Host-wide denial of service affecting all VMs
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Exploitation requires that the attacker already controls a HVM guest's device model process - specifically one running in a stub domain or operating de-privileged within Dom0. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment No CVSS vector or EPSS score was provided for this CVE, so quantitative risk scoring cannot be applied - this is explicitly a gap in the available data. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker who controls a HVM guest's device model - for example, through a vulnerability in QEMU running de-privileged in Dom0 - repeatedly issues XEN_DOMCTL_ioport_mapping calls to modify the I/O port translation linked list while the hypervisor is concurrently traversing that list in response to guest I/O port activity. The resulting race condition produces a corrupted or freed pointer dereference inside the hypervisor, crashing it and taking down all virtual machines on the physical host. …
Remediation Apply the XSA-491 patches distributed by the Xen Project: xsa491-4.21.patch targets Xen 4.17.x through 4.21.x stable branches, and xsa491.patch targets xen-unstable. … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

24 hours: Audit all Xen hypervisor instances in production environments; document host counts, versions, and role of each deployment (development, staging, production). …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Vendor StatusVendor

SUSE

Severity: Important
Product Status
SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS Fixed
SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS Fixed
SUSE Linux Enterprise Micro 5.5 Fixed
SUSE Linux Enterprise Server 15 SP5-LTSS Fixed
SUSE Linux Enterprise Server 15 SP6-LTSS Fixed

Share

CVE-2026-42487 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy