CVE-2026-23554
β οΈ highSummary
The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, so that multiple modifications done under the same locked region only issue a single flush. Freeing of paging structures however is not deferred until the flushing is done, and can result in freed pages transiently being present in cached state. Such stale entries can point to memory ranges not owned by the guest, thus allowing access to unintended memory regions.
CVSS Score
7.8
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-03-23
First Seen: 2026-03-24
π Relative Risk Intelligence
This CVE is Moderate Risk - more severe than 69.7% of all 321,566 vulnerabilities in our database.
#97,378
Above average severity
Severity Percentile
π― CISA SSVC Assessment Updated: Mar 23, 2026
π Exploitation Status
None
No known exploits
βοΈ Automatable
NO
Requires human interaction
π₯ Technical Impact
Total
Complete system compromise possible
π Discovered By
This issue was discovered by Roger Pau MonnΓ© of XenServer.
SSVC data provided by
CISA
Last Modified
2026-04-10
Source
NVD π
CVSS Vector 3.1
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE IDs (Weakness Types)