VSA-2026-020: x86 mismatched mapcache metadata (XSA-494)
| Published | Updated | Severity | CVSS 4.0 | Affected products |
|---|---|---|---|---|
| 2026-06-10 | 2026-06-10 | ⚪ N/A | Not available yet | None (PV only) |
The Xen project recently disclosed a vulnerability affecting various versions of the Xen hypervisor and published XSA-494. For Vates products, there is no impact, as PV guests are not supported. For details on how we assign severity levels, see our Severity Levels Explained page.
Summary
Some shadow paging error paths will switch the page-tables without updating the currently running vCPU reference. This causes a mismatch between the loaded page-tables and the mapcache metadata which can lead to corruption of the mapcache.
Impact
No impact for XCP-ng.
Affected Versions
- XCP-ng 8.3: Not affected, as neither PV guests nor shadow paging are supported. PV-shim (PV-in-PVH) is not affected.
Mitigation
None needed.
Resolution
Although this advisory does not affect any Vates products, the fix was backported, and as of 2026-06-10 the updated xen-* packages for XCP-ng 8.3 include it.
List of packages fixing this issue:
- XCP-ng 8.3:
  - xen-4.17.6-9.2.xcpng8.3
Credits
This issue was discovered by Roger Pau Monné of XenServer.