CVE-2026-23554
Description
The Intel EPT paging code uses an optimization to defer flushing of any cachedEPT state until the p2m lock is dropped, so that multiple modifications doneunder the same locked region only issue a single flush.Freeing of paging structures however is not deferred until the flushing isdone, and can result in freed pages transiently being present in cached state.Such stale entries can point to memory ranges not owned by the guest, thusallowing access to unintended memory regions.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.017
Associated Vulnerability
No records foundPatch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234