CVE-2026-42487
HighCVSS 7.9Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
Access to HVM guest I/O ports is subject to emulation or at least translation, which requires synchronization with updates. The current implementation lacks synchronization when handling these accesses.
Risk Assessment
The lack of synchronization may lead to unpredictable system behavior, posing a risk of crashes or security breaches.
Recommendation
It is recommended to implement synchronization mechanisms when handling I/O port accesses to prevent potential issues related to list updates.
Original NVD description (English source)
HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model (via XEN_DOMCTL_ioport_mapping), and hence the linked list used may changed at any time. Traversal of those lists (while handling guest I/O port accesses) therefore needs synchronizing with updates, which was missing so far.

