x86 HVM I/O port list traversal [XSA-491, CVE-2026-42487] domctl lock open to abuse [XSA-492, CVE-2026-42489, CVE-2026-42490] Arm: Completion of memory accesses not guaranteed by completion of a TLBI [XSA-493, CVE-2025-10263] x86: mismatched mapcache metadata [XSA-494, CVE-2026-42488]

Source: Fedora 44 Xen Critical Security Issues Update 2026-24b84f97af