CVE-2026-42488

EUVD-2026-37891
Some shadow paging errors paths will switch the page-tables without
updating the currently running vCPU reference.  This causes a mismatch
between the loaded page-tables and the mapcache metadata which can lead
to corruption of the mapcache.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.1 HIGH
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Debian logo
Debian Releases
Debian Product
Codename
xen
bookworm
vulnerable
bookworm (security)
vulnerable
bullseye
vulnerable
bullseye (security)
vulnerable
forky
vulnerable
sid
vulnerable
trixie
vulnerable
trixie (security)
vulnerable
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
xen
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
questing
needs-triage
resolute
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://xenbits.xenproject.org/xsa/advisory-494.html
http://www.openwall.com/lists/oss-security/2026/06/09/14
http://xenbits.xen.org/xsa/advisory-494.html