Race Condition in Xen Hypervisor P2M Mapping (XSA-379/387)
CVE-2026-23558 Published on May 19, 2026
grant table v2 race in status page mapping
The adjustments made for XSA-379 as well as those subsequently becoming
XSA-387 still left a race window, when a HVM or PVH guest does a grant
table version change from v2 to v1 in parallel with mapping the status
page(s) via XENMEM_add_to_physmap. Some of the status pages may then be
freed while mappings of them would still be inserted into the guest's
secondary (P2M) page tables.
Vulnerability Analysis
CVE-2026-23558 is exploitable with local system access, and requires small amount of user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
What is a Race Condition Vulnerability?
The program contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.
CVE-2026-23558 has been classified to as a Race Condition vulnerability or weakness.
Products Associated with CVE-2026-23558
Want to know whenever a new CVE is published for Citrix Xen Xen? stack.watch will email you.
