x86: mismatched mapcache metadata

CVE	CVE-2026-42488
State	PUBLISHED
Assigner	XEN
Source Priority	CVE Program / NVD first with legacy fallback
Published	2026-06-18 14:17:25 UTC
Updated	2026-06-18 16:16:53 UTC
Description	Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache.

Primary CVSS: v3.1 8.1 HIGH from ADP

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Problem Types: CWE-119 | CWE-119 CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

Version	Source	Type	Score	Severity	Vector
3.1	ADP	DECLARED	8.1	HIGH	`CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H`
3.1	134c704f-9b21-4f2e-91b3-4a467353bcc0	Secondary	8.1	HIGH	`CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H`

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Source	Vendor	Product	Version	Platforms
CNA	Xen	Xen	unknown consult Xen advisory XSA-494	Not specified

Reference	Source	Link	Tags
xenbits.xenproject.org/xsa/advisory-494.html	[email protected]	xenbits.xenproject.org
www.openwall.com/lists/oss-security/2026/06/09/14	af854a3a-2127-422b-91ae-364da2661108	www.openwall.com
xenbits.xen.org/xsa/advisory-494.html	af854a3a-2127-422b-91ae-364da2661108	xenbits.xen.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

CNA: This issue was discovered by Roger Pau Monné of XenServer. (en)

CNA: Running only HVM or PVH guests will avoid the vulnerability. Running PV guests in the PV shim will also avoid the vulnerability.

There are currently no legacy QID mappings associated with this CVE.