CVE-2026-23558

grant table v2 race in status page mapping

CVSS 7.8 HIGHEPSS 0.1%CWE-362

Vexday Risk Score

21Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 7.8EPSS 0.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

19 may 2026Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or PVH guest does a grant table version change from v2 to v1 in parallel with mapping the status page(s) via XENMEM_add_to_physmap. Some of the status pages may then be freed while mappings of them would still be inserted into the guest's secondary (P2M) page tables.

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Productos afectados

Xen · Xen

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://xenbits.xenproject.org/xsa/advisory-486.html http://www.openwall.com/lists/oss-security/2026/04/28/13 http://xenbits.xen.org/xsa/advisory-486.html