CVE-2026-23554 in XenИнформация

Сводка

по MITRE • 23.03.2026

The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush.

Freeing of paging structures however is not deferred until the flushing is done, and can result in freed pages transiently being present in cached state. Such stale entries can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions.

Be aware that VulDB is the high quality source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Раскрытие

23.03.2026

Модерация

принято

Вход

VDB-351512

CPE

готов

CWE

CWE-416 (Подтверждённый)

CVSS

8.0 (VulDB)

EPSS

0.00005

KEV

Нет

Деятельности

Очень низкий

Сектор

Hostingprovider, Chemical, ...

Источники

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-23554
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-23554
CVE Details	https://www.cvedetails.com/cve/CVE-2026-23554/

◂ Предыдущий Обзор Далее ▸

Do you need the next level of professionalism?

Upgrade your account now!