CVE Catalog

CVE-2026-42487

HighCVSS 7.9
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.10%

1th percentile — higher than 1% of all known CVEs

Summary

Access to HVM guest I/O ports is subject to emulation or at least translation, which requires synchronization with updates. The current implementation lacks synchronization when handling these accesses.

Risk Assessment

The lack of synchronization may lead to unpredictable system behavior, posing a risk of crashes or security breaches.

Recommendation

It is recommended to implement synchronization mechanisms when handling I/O port accesses to prevent potential issues related to list updates.

Original NVD description (English source)

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model (via XEN_DOMCTL_ioport_mapping), and hence the linked list used may changed at any time. Traversal of those lists (while handling guest I/O port accesses) therefore needs synchronizing with updates, which was missing so far.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS