CVE-2026-23555

Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored. In case xenstored is being built with NDEBUG #defined, an unprivileged guest trying to access the node path "/local/domain/" will result in it no longer being serviced by xenstored, other guests (including dom0) will still be serviced, but xenstored will use up all cpu time it can get.

CVSS v3 7.1 HIGH

7.1^/10

CVSS v3 : HIGH

Vector :

Exploitability : 2.5 / Impact : 4.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://xenbits.xenproject.org/xsa/advisory-481.html
http://www.openwall.com/lists/oss-security/2026/03/17/7
http://xenbits.xen.org/xsa/advisory-481.html

Configurations

No configuration.

History

No history.

Information

Published : 2026-03-23 07:16

Updated : 2026-03-23 15:16

NVD link : CVE-2026-23555

Mitre link : CVE-2026-23555

CVE.ORG link : CVE-2026-23555

JSON object : View

Products Affected

No product.

CWE

CWE-617

Reachable Assertion

{"id": "CVE-2026-23555", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "LOCAL", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 2.5}]}, "published": "2026-03-23T07:16:07.330", "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-481.html", "source": "security@xen.org"}, {"url": "http://www.openwall.com/lists/oss-security/2026/03/17/7", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://xenbits.xen.org/xsa/advisory-481.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-617"}]}], "descriptions": [{"lang": "en", "value": "Any guest issuing a Xenstore command accessing a node using the\n(illegal) node path \"/local/domain/\", will crash xenstored due to a\nclobbered error indicator in xenstored when verifying the node path.\n\nNote that the crash is forced via a failing assert() statement in\nxenstored. In case xenstored is being built with NDEBUG #defined,\nan unprivileged guest trying to access the node path \"/local/domain/\"\nwill result in it no longer being serviced by xenstored, other guests\n(including dom0) will still be serviced, but xenstored will use up\nall cpu time it can get."}, {"lang": "es", "value": "Cualquier invitado que emita un comando de Xenstore accediendo a un nodo utilizando la ruta de nodo (ilegal) '/local/domain/', provocar\u00e1 la ca\u00edda de xenstored debido a un indicador de error sobrescrito en xenstored al verificar la ruta del nodo.\n\nTenga en cuenta que la ca\u00edda es forzada mediante una instrucci\u00f3n assert() fallida en xenstored. En caso de que xenstored se compile con NDEBUG #definido, un invitado sin privilegios que intente acceder a la ruta del nodo '/local/domain/' resultar\u00e1 en que ya no sea atendido por xenstored, otros invitados (incluido dom0) seguir\u00e1n siendo atendidos, pero xenstored consumir\u00e1 todo el tiempo de CPU que pueda obtener."}], "lastModified": "2026-03-23T15:16:32.237", "sourceIdentifier": "security@xen.org"}