anonhaven
Ad

CVE-2026-23555

HIGH CVSS 3.1: 7.1 EPSS 0.02%
Updated Apr 10, 2026
Xen
Parameter Value
CVSS 7.1 (HIGH)
Affected Versions from 4.18.0
Type CWE-617
Vendor Xen
Public PoC No

Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored. In case xenstored is being built with NDEBUG #defined, an unprivileged guest trying to access the node path "/local/domain/" will result in it no longer being serviced by xenstored, other guests (including dom0) will still be serviced, but xenstored will use up all cpu time it can get.

Attack Parameters

Attack Vector
Local
Requires local access
Attack Complexity
Low
Easy to exploit
Privileges Required
None
No privileges needed
User Interaction
None
No user interaction needed

Impact Assessment

Confidentiality
None
No data leak
Integrity
None
No data modification
Availability
High
Complete denial of service

CVSS Vector v3.1

Weakness Type (CWE)

CWE-617

Vulnerable Products 1

Configuration From (including) Up to (excluding)
Xen Xen
cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*
 4.18.0

References 3

https://xenbits.xenproject.org/xsa/advisory-481.html
security@xen.org
http://www.openwall.com/lists/oss-security/2026/03/17/7
af854a3a-2127-422b-91ae-364da2661108
http://xenbits.xen.org/xsa/advisory-481.html
af854a3a-2127-422b-91ae-364da2661108
Share Post Share Share Share

Related Vulnerabilities

CVE-2026-23554

Intel

7.8

CVE-2025-58149

Xen

7.5

CVE-2025-58148

Xen

7.5

CVE-2025-58147

Xen

7.5

CVE-2024-31144

Xen

3.8