Xen Security: Multiple XSA/CVE Issues in Xen, Linux Xen Drivers and XAPI

Post by NetGuru »

Xen Security Advisories April 2026: Multiple XSA/CVE Issues in Xen, Linux Xen Drivers and XAPI

Overview

On 28 April 2026, several new Xen Security Advisories were published. These advisories affect different parts of the Xen ecosystem: the Xen hypervisor itself, xenstored/oxenstored, Linux Xen-related drivers, and XAPI.

This is important for VPS providers, hosting platforms, cloud environments, and administrators running Xen-based virtualization.

Official advisory list:
https://xenbits.xen.org/xsa/

---

Affected advisories and CVEs
  • XSA-489 – Multiple RBAC issues in XAPI
    • CVE-2026-23559
    • CVE-2026-23560
    • CVE-2026-23561
    • CVE-2026-23562
    • CVE-2026-42486
  • XSA-488 – x86: Floating Point Divider State Sampling
    • CVE-2025-54505
  • XSA-487 – Linux kernel double free in Xen privcmd driver
    • CVE-2026-31787
  • XSA-486 – grant table v2 race in status page mapping
    • CVE-2026-23558
  • XSA-485 – Linux kernel out of bounds read via Xen-related