{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23555", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "state": "PUBLISHED", "assignerShortName": "XEN", "dateReserved": "2026-01-14T13:07:36.961Z", "datePublished": "2026-03-23T06:57:07.653Z", "dateUpdated": "2026-03-23T14:14:02.810Z"}, "containers": {"cna": {"title": "Xenstored DoS by unprivileged domain", "datePublic": "2026-03-17T12:00:00.000Z", "descriptions": [{"lang": "en", "value": "Any guest issuing a Xenstore command accessing a node using the\n(illegal) node path \"/local/domain/\", will crash xenstored due to a\nclobbered error indicator in xenstored when verifying the node path.\n\nNote that the crash is forced via a failing assert() statement in\nxenstored. In case xenstored is being built with NDEBUG #defined,\nan unprivileged guest trying to access the node path \"/local/domain/\"\nwill result in it no longer being serviced by xenstored, other guests\n(including dom0) will still be serviced, but xenstored will use up\nall cpu time it can get."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Any unprivileged domain can cause xenstored to crash, causing a\nDoS (denial of service) for any Xenstore action. This will result\nin an inability to perform further domain administration on the host.\n\nIn case xenstored has been built with NDEBUG defined, an unprivileged\ndomain can force xenstored to be 100% busy, but without harming\nxenstored functionality for other guests otherwise."}]}], "affected": [{"defaultStatus": "unknown", "product": "Xen", "vendor": "Xen", "versions": [{"status": "unknown", "version": "consult Xen advisory XSA-481"}]}], "configurations": [{"lang": "en", "value": "All Xen systems from Xen 4.18 onwards are vulnerable. Systems up to\nXen 4.17 are not vulnerable.\n\nSystems using the C variant of xenstored are vulnerable. Systems using\nxenstore-stubdom or the OCaml variant of Xenstore (oxenstored) are not\nvulnerable."}], "workarounds": [{"lang": "en", "value": "There is no known mitigation available."}], "credits": [{"lang": "en", "type": "finder", "value": "This issue was discovered by Marek Marczykowski-G\u00f3reckiof\nInvisible Things Lab."}], "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-481.html"}], "providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2026-03-23T06:57:07.653Z"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/17/7"}, {"url": "http://xenbits.xen.org/xsa/advisory-481.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-23T07:32:28.482Z"}}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-617", "lang": "en", "description": "CWE-617 Reachable Assertion"}]}], "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-23T14:11:41.150968Z", "id": "CVE-2026-23555", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:14:02.810Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/03/17/7"}, {"url": "http://xenbits.xen.org/xsa/advisory-481.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-23T07:32:28.482Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-23555", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-23T14:11:41.150968Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-617", "description": "CWE-617 Reachable Assertion"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-23T14:13:08.843Z"}}], "cna": {"title": "Xenstored DoS by unprivileged domain", "credits": [{"lang": "en", "type": "finder", "value": "This issue was discovered by Marek Marczykowski-G\u00f3reckiof\nInvisible Things Lab."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Any unprivileged domain can cause xenstored to crash, causing a\nDoS (denial of service) for any Xenstore action. This will result\nin an inability to perform further domain administration on the host.\n\nIn case xenstored has been built with NDEBUG defined, an unprivileged\ndomain can force xenstored to be 100% busy, but without harming\nxenstored functionality for other guests otherwise."}]}], "affected": [{"vendor": "Xen", "product": "Xen", "versions": [{"status": "unknown", "version": "consult Xen advisory XSA-481"}], "defaultStatus": "unknown"}], "datePublic": "2026-03-17T12:00:00.000Z", "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-481.html"}], "workarounds": [{"lang": "en", "value": "There is no known mitigation available."}], "descriptions": [{"lang": "en", "value": "Any guest issuing a Xenstore command accessing a node using the\n(illegal) node path \"/local/domain/\", will crash xenstored due to a\nclobbered error indicator in xenstored when verifying the node path.\n\nNote that the crash is forced via a failing assert() statement in\nxenstored. In case xenstored is being built with NDEBUG #defined,\nan unprivileged guest trying to access the node path \"/local/domain/\"\nwill result in it no longer being serviced by xenstored, other guests\n(including dom0) will still be serviced, but xenstored will use up\nall cpu time it can get."}], "configurations": [{"lang": "en", "value": "All Xen systems from Xen 4.18 onwards are vulnerable. Systems up to\nXen 4.17 are not vulnerable.\n\nSystems using the C variant of xenstored are vulnerable. Systems using\nxenstore-stubdom or the OCaml variant of Xenstore (oxenstored) are not\nvulnerable."}], "providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2026-03-23T06:57:07.653Z"}}}, "cveMetadata": {"cveId": "CVE-2026-23555", "state": "PUBLISHED", "dateUpdated": "2026-03-23T14:14:02.810Z", "dateReserved": "2026-01-14T13:07:36.961Z", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "datePublished": "2026-03-23T06:57:07.653Z", "assignerShortName": "XEN"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Any guest issuing a Xenstore command accessing a node using the\n(illegal) node path \"/local/domain/\", will crash xenstored due to a\nclobbered error indicator in xenstored when verifying the node path.\n\nNote that the crash is forced via a failing assert() statement in\nxenstored. In case xenstored is being built with NDEBUG #defined,\nan unprivileged guest trying to access the node path \"/local/domain/\"\nwill result in it no longer being serviced by xenstored, other guests\n(including dom0) will still be serviced, but xenstored will use up\nall cpu time it can get."}], "id": "CVE-2026-23555", "lastModified": "2026-03-23T15:16:32.237", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 2.5, "impactScore": 4.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-23T07:16:07.330", "references": [{"source": "security@xen.org", "url": "https://xenbits.xenproject.org/xsa/advisory-481.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/03/17/7"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xenbits.xen.org/xsa/advisory-481.html"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-617"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "unknown", "versions": {"scheme": "generic", "value": "consult Xen advisory XSA-481"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Xen", "source": "cna", "vendor": "Xen"}, "product": "xen", "vendor": "xen"}], "analysis": {"en": {"generated_at": "2026-03-23T16:22:20.292745+00:00", "value": {"mitigation_remediation": ["Check for XSA-481 patch or an updated Xen release that addresses the xenstored crash.", "Verify current Xen version and monitor vendor advisories for a fix.", "If a patch is not yet available, monitor xenstored CPU usage and service availability for signs of DoS.", "Consider restricting Xenstore access from unprivileged guests or disabling the vulnerable node path if possible.", "Apply general best practices: keep Xen up to date, restrict guest permissions, and monitor system logs for xenstored anomalies."], "summary": {"action": "Assess Impact", "impact": "Denial of Service"}, "threat_synthesis": {"affected_systems": "This vulnerability affects Xen virtualization products from the Xen vendor. No specific version information is published, so all current Xen releases may be impacted until a patch is released.", "description_and_impact": "The flaw allows an unprivileged guest to issue a Xenstore command that accesses the node path \"/local/domain/\", an illegal path. This triggers a crash in xenstored as it clobbers an error indicator while verifying the node path, causing a failing assert(). In builds where NDEBUG is defined, the crash does not terminate xenstored but forces it to consume all available CPU time, effectively denying service to the Xenstore daemon. The weakness is a classic assertion fault, identified as CWE\u2011617.", "risk_and_exploitability": "The CVSS score of 7.1 indicates a medium to high severity. The EPSS score is below 1%, suggesting low exploitation likelihood, and the vulnerability is not listed in CISA's KEV catalog. The attack requires an unprivileged guest within the same Xen environment to trigger the node path access, meaning the vector is local to the guest rather than external. If an attacker gains the ability to submit Xenstore requests, they can force xenstored into a DoS state, degrading the entire virtualized host."}}}}, "created": "2026-03-24T10:34:55.834088+00:00", "updated": "2026-03-25T14:49:33.155118+00:00", "vendors": ["xen", "xen$PRODUCT$xen"]}