CVE-2026-42487
HIGH SEVERITYCVSS Score & Metrics
Base Score
7.9 / 10
Vector String
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Vulnerability Description
HVM guest I/O port accesses are subject to either emulation or at least
translation. Translations are managed by the device model (via
XEN_DOMCTL_ioport_mapping), and hence the linked list used may changed
at any time. Traversal of those lists (while handling guest I/O port
accesses) therefore needs synchronizing with updates, which was missing
so far.
translation. Translations are managed by the device model (via
XEN_DOMCTL_ioport_mapping), and hence the linked list used may changed
at any time. Traversal of those lists (while handling guest I/O port
accesses) therefore needs synchronizing with updates, which was missing
so far.
Vulnerability Details
Published Date
Last Modified
CWE ID
CWE-362
Source
NVD
Vendor
Xen
Product
Xen
Discussion (0)
Add Comment
No comments yet. Be the first!