CVE Catalog

CVE-2026-42489

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.08%

0th percentile — higher than 0% of all known CVEs

Summary

CVE-2026-42489 concerns the lack of fairness in the way system-wide locks are acquired during domctl operations, which may lead to issues with parallel execution of these operations.

Risk Assessment

The lack of fairness in lock acquisition can lead to bottlenecks in the system, affecting the performance and stability of the virtual environment.

Recommendation

It is recommended to review and modify the lock acquisition mechanism to ensure fair resource allocation for domctl operations.

Original NVD description (English source)

[This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] To create and manage guests, domctl operations are used by the control domain, a possible Xenstore domain, or by a domain controlling a particular guest. Some of these operations may not be executed in parallel, so a system-wide lock is used. The way that lock is acquired is, however, not providing any fairness. This is CVE-2026-42489. Furthermore, with XSM/Flask in use, the lock acquire will, for some operations, occur ahead of any permission checking. This is CVE-2026-42490.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS