
Xen Hypervisor CVE-2026-42489

Severity: CRITICAL
Published: 2026-06-09

Severity by source

SUSE: 5.3 MEDIUM (CVSS vector AV:L/AC:H/PR:H/UI:N/S:C/C:N/I:N/A:H)

Lifecycle Timeline

Analysis generated: Jun 09, 2026 - 14:17 (vuln.today)

Description (pre-NVD)

Disclosed via oss-security. NVD scoring and full description are pending.

Analysis (AI-generated)

Denial of service against Xen host management is possible through deliberate abuse of the unfair, system-wide domctl lock, affecting all Xen versions from 3.3 onwards. A less-privileged domain can monopolize the lock that serializes guest creation and management operations, starving the control domain and any equally or more privileged entity of lock access and potentially rendering the entire host unmanageable. …


Attack Chain (AI-derived)

Hypothetical attack flow derived from CVE metadata:

Access: Obtain control of a less-privileged Xen domain
Delivery: Issue rapid, repeated domctl lock acquisition requests
Exploit: Win lock contention through unfair scheduling
Execution: Hold the lock and starve the control domain
Persist: Block legitimate guest management operations
Impact: Deny service to the host management plane

Vulnerability Assessment (AI-generated)

Exploitation: The attacker must already control a domain on the target Xen host that is able to invoke domctl operations; this is not a zero-interaction remote attack. …
Risk Assessment: No CVSS score or vector was published with XSA-492, making quantitative risk comparison impossible. …
Exploit Scenario: An attacker with control of a less-privileged guest domain on a multi-tenant Xen host repeatedly and aggressively issues domctl operations to acquire the system-wide lock in a tight loop. Because the lock provides no fairness guarantees, the attacker's domain can continuously win lock contention, preventing the control domain from completing legitimate guest lifecycle operations such as creating, destroying, or migrating VMs, potentially causing a full host management DoS. …
Remediation: Apply the XSA-492 patch set appropriate for the installed Xen branch, available for Xen 4.17.x through 4.21.x and xen-unstable via the Xen Security Advisory at https://seclists.org/oss-sec/2026/q2/858. …

Recommended Action (AI-generated)

Within 24 hours: Inventory all Xen deployments, document versions, and identify critical production hosts. …

Vendor Status

SUSE (severity: Medium)

Product status:
  • SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS: Affected
  • SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS: Affected
  • SUSE Linux Enterprise Micro 5.5: Affected
  • SUSE Linux Enterprise Module for Basesystem 15 SP7: Affected
  • SUSE Linux Enterprise Server 15 SP7: Affected
