{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-23557", "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "state": "PUBLISHED", "assignerShortName": "XEN", "dateReserved": "2026-01-14T13:07:36.961Z", "datePublished": "2026-05-19T12:49:42.202Z", "dateUpdated": "2026-05-19T13:06:41.611Z"}, "containers": {"cna": {"title": "Xenstored DoS via XS_RESET_WATCHES command", "datePublic": "2026-04-28T12:00:00.000Z", "descriptions": [{"lang": "en", "value": "Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES\ncommand within a transaction due to an assert() triggering.\n\nIn case xenstored was built with NDEBUG #defined nothing bad will\nhappen, as assert() is doing nothing in this case. Note that the\ndefault is not to define NDEBUG for xenstored builds even in release\nbuilds of Xen."}], "impacts": [{"descriptions": [{"lang": "en", "value": "Any unprivileged domain can cause xenstored to crash, causing a\nDoS (denial of service) for any Xenstore action. This will result\nin an inability to perform further domain administration on the host."}]}], "affected": [{"defaultStatus": "unknown", "product": "Xen", "vendor": "Xen", "versions": [{"status": "unknown", "version": "consult Xen advisory XSA-484"}]}], "configurations": [{"lang": "en", "value": "All Xen systems from Xen 4.2 onwards are vulnerable. Systems up to\nXen 4.1 are not vulnerable.\n\nSystems using the C variant of xenstored or xenstore-stubdom built\nwithout NDEBUG are vulnerable. Systems using the OCaml variant of\nXenstore (oxenstored), or the C variant (xenstored or xenstore-stubdom)\nbuilt with NDEBUG defined are not vulnerable."}], "workarounds": [{"lang": "en", "value": "There is no known mitigation available."}], "credits": [{"lang": "en", "type": "finder", "value": "This issue was discovered by Andrii Sultanov of Vates."}], "references": [{"url": "https://xenbits.xenproject.org/xsa/advisory-484.html"}], "providerMetadata": {"orgId": "23aa2041-22e1-471f-9209-9b7396fa234f", "shortName": "XEN", "dateUpdated": "2026-05-19T12:49:42.202Z"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "http://www.openwall.com/lists/oss-security/2026/04/28/11"}, {"url": "http://xenbits.xen.org/xsa/advisory-484.html"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-05-19T13:06:41.611Z"}}]}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES\ncommand within a transaction due to an assert() triggering.\n\nIn case xenstored was built with NDEBUG #defined nothing bad will\nhappen, as assert() is doing nothing in this case. Note that the\ndefault is not to define NDEBUG for xenstored builds even in release\nbuilds of Xen."}], "id": "CVE-2026-23557", "lastModified": "2026-05-19T14:16:38.817", "metrics": {}, "published": "2026-05-19T14:16:38.817", "references": [{"source": "security@xen.org", "url": "https://xenbits.xenproject.org/xsa/advisory-484.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2026/04/28/11"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://xenbits.xen.org/xsa/advisory-484.html"}], "sourceIdentifier": "security@xen.org", "vulnStatus": "Received"}

{}

{}