Improper control of a resource through its lifetime in Xen - CVE-2026-42488
Published: June 9, 2026
Xen
Detailed vulnerability description
The vulnerability allows a local user to escalate privileges, cause a denial of service, or disclose sensitive information.
The vulnerability exists due to improper state management of mapcache metadata in the x86 shadow paging code when page tables are switched on certain shadow paging error paths. A local user in a 64-bit PV guest can trigger the affected shadow mode conditions to escalate privileges, cause a denial of service, or disclose sensitive information.
Only x86 systems are affected, and exploitation is possible only from 64-bit PV guests running in shadow mode.