| Reporter | Title | Published | Views | Family All 48 |
|---|---|---|---|---|
| CVE-2026-42489 | 18 Jun 202613:47 | – | attackerkb | |
| CVE-2026-42490 | 18 Jun 202613:47 | – | attackerkb | |
| CVE-2026-42489 | 9 Jun 202613:32 | – | circl | |
| CVE-2026-42490 | 9 Jun 202613:32 | – | circl | |
| CVE-2026-42489 | 18 Jun 202613:47 | – | cve | |
| CVE-2026-42490 | 18 Jun 202613:47 | – | cve | |
| CVE-2026-42489 domctl lock open to abuse | 18 Jun 202613:47 | – | cvelist | |
| CVE-2026-42490 domctl lock open to abuse | 18 Jun 202613:47 | – | cvelist | |
| CVE-2026-42489 | 18 Jun 202613:47 | – | debiancve | |
| CVE-2026-42490 | 18 Jun 202613:47 | – | debiancve |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(320869);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/06/22");
script_cve_id("CVE-2026-42489", "CVE-2026-42490");
script_xref(name:"IAVB", value:"2026-B-0069");
script_xref(name:"IAVB", value:"2026-B-0151");
script_name(english:"Xen: domctl Lock Open to Abuse (XSA-492)");
script_set_attribute(attribute:"synopsis", value:
"The remote Xen hypervisor installation is missing a security update.");
script_set_attribute(attribute:"description", value:
"To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a
domain controlling a particular guest. Some of these operations may not be executed in parallel, so a system-wide lock
is used. The way that lock is acquired is, however, not providing any fairness. This is CVE-2026-42489. Furthermore,
with XSM/Flask in use, the lock acquire will, for some operations, occur ahead of any permission checking. This is
CVE-2026-42490. A less privileged entity may stall an equally or more privileged entity, potentially leading to a
Denial of Service (DoS) of up to the entire host.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://xenbits.xenproject.org/xsa/advisory-492.html");
script_set_attribute(attribute:"solution", value:
"Apply the appropriate patch according to the vendor advisory.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-42489");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2026-42490");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2026/06/09");
script_set_attribute(attribute:"patch_publication_date", value:"2026/06/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/06/12");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:xen:xen");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("xen_server_detect.nbin");
script_require_keys("installed_sw/Xen Hypervisor", "Settings/ParanoidReport");
exit(0);
}
include('vcf.inc');
include('vcf_extras.inc');
var fixes;
var app = 'Xen Hypervisor';
var app_info = vcf::xen_hypervisor::get_app_info(app:app);
if (report_paranoia < 2) audit(AUDIT_PARANOID);
fixes['4.17']['fixed_ver'] = '4.17.6';
fixes['4.17']['fixed_ver_display'] = '4.17.6 (changeset 2721263)';
fixes['4.17']['affected_ver_regex'] = "^4\.17\.";
fixes['4.17']['affected_changesets'] = make_list("0818baa", "9609fec",
"4aa3ccc", "ffc0d27", "53cd1f0", "a0119e1", "6789ab9", "d6d9f96",
"43013fe", "e4a65bd", "95bfcd4", "0a51498", "eb8153a", "037e662",
"fc4b442", "b08478b", "c5915a5", "4c11789", "caf651f", "550d632",
"7dedada", "7985e87", "db0c7c9", "57d0c0c", "2319a85", "ca4c5d8",
"36e6dcb", "a2bca55", "87567b0", "8f29c76", "8c80ec8");
fixes['4.18']['fixed_ver'] = '4.18.5';
fixes['4.18']['fixed_ver_display'] = '4.18.5 (changeset 28cef29)';
fixes['4.18']['affected_ver_regex'] = "^4\.18\.";
fixes['4.18']['affected_changesets'] = make_list("2c48c89", "4594a6b",
"3574299", "c5501d5", "8fe1695", "9abd848", "45d368d", "c76ed41",
"1f1cafe", "53ff970", "86dd2e3", "2fc05f3", "bc1a888", "12659bf",
"f91eab5", "64327f3", "3786cf1", "b471a84", "4ef23e6", "3f4d62d",
"581a10f", "dd781ac", "7f9ded3", "fcac058", "9f070ec", "4c88676",
"2c5f7fd", "8b8c324", "ec8251e", "d477525", "f196c2f", "502d206",
"343379c", "d15515f", "f6b0a04", "4112b5c", "8746612", "f0fcf69",
"d04a36f", "a52a373", "832ecbf", "9143406", "1ac5088", "c90cec6",
"46c0b23", "2102093", "de89b16", "aba830f", "5119086", "25a125c",
"13d3020", "d8cab42", "41b62f8", "82c302a", "b6266b2", "cd46db2",
"9c0becc", "9548f45", "2ec55f6", "df49dab", "709a223", "8b348e9",
"60820cd", "dcc9c3a", "43c513c", "8fc76b1", "e9d112e", "460ece3",
"438bb12", "0b8f769");
fixes['4.19']['fixed_ver'] = '4.19.5';
fixes['4.19']['fixed_ver_display'] = '4.19.5 (changeset 17bce44)';
fixes['4.19']['affected_ver_regex'] = "^4\.19\.";
fixes['4.19']['affected_changesets'] = make_list("923d698", "4618e73",
"7fcb12d", "c581c40", "5c86d12", "fc86e21", "2ff10f2", "3ca879f",
"d5f0523", "2ba1d54", "c49dc94", "a5b7170", "08afe7a", "3c45f67",
"f615fc1", "8f449eb", "27e32cc", "0ac3924", "792e70b", "e1eae71",
"8056c40", "7bcc106", "308be67", "7497e64", "60a2c34", "7a15cde");
fixes['4.20']['fixed_ver'] = '4.20.4';
fixes['4.20']['fixed_ver_display'] = '4.20.4-pre (changeset 4fab100)';
fixes['4.20']['affected_ver_regex'] = "^4\.20\.";
fixes['4.20']['affected_changesets'] = make_list("324d0ee", "c720b15",
"5f17064", "13865d7", "b8193cc", "c51d9a3", "d1ffc53", "1a7b04a",
"4e53d41", "f7ec26e", "e701842", "724f4f4", "2a50079", "aa133b1",
"c1c16ad", "634145d", "1927a7e", "493a937", "24ccd83", "6cf9b61",
"2abb8d0", "33a6d8a", "806c814", "ccac195", "ae41936", "0bd3ff8",
"04747ce", "8f981ab", "152183d", "4563f9c", "a99d160", "d006fa1",
"869ef9b", "937d1c7", "3ed365e", "51e0905", "cf3a174", "54ba668",
"207e11f", "5f70542", "ad5d955", "57db4b6", "ef5c706", "be6b618",
"d5c70a5", "c6d16eb", "92d668b", "1f067a8", "1648908", "491f661",
"928144f", "eb2c288", "05b8f71", "140d981", "0359ff3", "c2cb923",
"c1a7c61", "ce40b0b", "36366ff", "f1826fa", "b96452c", "5568870");
fixes['4.21']['fixed_ver'] = '4.21.2';
fixes['4.21']['fixed_ver_display'] = '4.21.2-pre (changeset fcccf99)';
fixes['4.21']['affected_ver_regex'] = "^4\.21\.";
fixes['4.21']['affected_changesets'] = make_list("1ea57a5", "e3b16b8",
"82887f1", "b48039e", "83f6441", "619b70f", "f1bbc00", "3941b2c",
"7073cc4", "15f385c", "d08d614", "a0e384c", "b9aebf7", "ab63ab5",
"06ca3be", "7dff06d", "e772f8d", "1874bf7", "8d2ffa5", "4ac1fc0",
"1b251cc", "4989714", "9a0327b", "647e362", "04db4dc", "4d6e6ed",
"3928945", "02bcb4e", "16e9e62", "ed13b64", "3db23df", "7372aca",
"fd2ccd7", "3dccad5", "1ae7e08", "9358a20", "a8e8541", "13ca96c",
"00496ab", "032d39f", "8af05b4", "0d8b25d", "43e32ae", "f732e91",
"17a7843", "54db249", "27748a7", "2d1a11a", "76b359a", "9c79644",
"6b8be12", "b2352be", "8f3dcdc", "afb919f", "f35f0ac", "c9ba169",
"feb9949", "e2981e0", "761aba9", "a011ca9", "8482a1c", "b3c4a20",
"aaa03d4", "646bcc1", "d174a86", "fa82d4f");
vcf::xen_hypervisor::check_version_and_report(app_info:app_info, fixes:fixes, severity:SECURITY_WARNING);
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation