CVE-2026-42487

HVM guest I/O port accesses are subject to either emulation or at least translation. Translations are managed by the device model (via XEN_DOMCTL_ioport_mapping), and hence the linked list used may changed at any time. Traversal of those lists (while handling guest I/O port accesses) therefore needs synchronizing with updates, which was missing so far.
Configurations

No configuration.

History

18 Jun 2026, 16:16

Type Values Removed Values Added
New CVE

Information

Published : 2026-06-18 14:17

Updated : 2026-06-22 18:38


NVD link : CVE-2026-42487

Mitre link : CVE-2026-42487

CVE.ORG link : CVE-2026-42487


JSON object : View

Products Affected

No product.

CWE
CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')