Description
Some shadow paging errors paths will switch the page-tables without
updating the currently running vCPU reference. This causes a mismatch
between the loaded page-tables and the mapcache metadata which can lead
to corruption of the mapcache.
Published: 2026-06-18
Score: 8.1 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Shadow paging errors in the Xen hypervisor can switch page tables without updating the running virtual CPU reference. The resulting mismatch between loaded page tables and mapcache metadata can corrupt the mapcache, potentially leading to loss of data integrity or hypervisor instability. This flaw aligns with CWE‑119 (Buffer Correctness).

Affected Systems

The vulnerability affects the Xen hypervisor, specifically any Xen build that implements the described shadow paging paths. No specific version range is provided, so all current Xen deployments that contain these code paths are potentially impacted.

Risk and Exploitability

The CVSS score of 8.1 indicates high severity. Exploitation would likely require an attacker to control a guest VM that can trigger the shadow paging bug; the EPSS score is currently unavailable, so the likelihood of real‑world exploitation is unknown. The vulnerability is not listed in CISA’s KEV catalog. Users can mitigate by limiting guest types to HVM or PVH, or by running PV guests in the PV shim as provided by Xen. Failure to mitigate may leave the hypervisor prone to corruption when the bug is triggered.

Generated by OpenCVE AI on June 18, 2026 at 18:28 UTC.

Remediation

Vendor Workaround

Running only HVM or PVH guests will avoid the vulnerability. Running PV guests in the PV shim will also avoid the vulnerability.

OpenCVE Recommended Actions

  • Upgrade to the latest Xen hypervisor release that includes the CVE‑2026‑42488 fix
  • If a patch is not available, only run HVM or PVH guests; avoid running guests that rely on the vulnerable PV path
  • Run PV guests inside the PV shim to prevent the page‑table mismatch from occurring
  • Continuously monitor hypervisor logs for repeated mapcache corruption events to confirm mitigation effectiveness

Generated by OpenCVE AI on June 18, 2026 at 18:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 18 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description Some shadow paging errors paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache.
Title x86: mismatched mapcache metadata
Weaknesses CWE-119
References
Metrics cvssV3_1

{'score': 8.1, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: XEN

Published:

Updated: 2026-06-18T15:07:35.190Z

Reserved: 2026-04-27T14:20:24.138Z

Link: CVE-2026-42488

cve-icon Vulnrichment

Updated: 2026-06-18T15:07:35.190Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-18T18:30:15Z

Weaknesses
  • CWE-119

    Improper Restriction of Operations within the Bounds of a Memory Buffer