6.5

CVE-2026-23557

Xenstored DoS via XS_RESET_WATCHES command

Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES
command within a transaction due to an assert() triggering.

In case xenstored was built with NDEBUG #defined nothing bad will
happen, as assert() is doing nothing in this case. Note that the
default is not to define NDEBUG for xenstored builds even in release
builds of Xen.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
XenXen Version >= 4.2.0
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.16% 0.053
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.5 2 4
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE-617 Reachable Assertion

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

https://xenbits.xenproject.org/xsa/advisory-484.html
Patch
Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/04/28/11
Patch
Third Party Advisory
Mailing List
http://xenbits.xen.org/xsa/advisory-484.html
Patch
Vendor Advisory