Vulnerability-Lookup

GHSA-9879-VJ7M-R497

Vulnerability from github – Published: 2026-05-19 15:31 – Updated: 2026-05-19 18:32

Details

Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering.

In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing nothing in this case. Note that the default is not to define NDEBUG for xenstored builds even in release builds of Xen.

Severity

6.5 (Medium)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2026-23557"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-617"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2026-05-19T14:16:38Z",
    "severity": "MODERATE"
  },
  "details": "Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES\ncommand within a transaction due to an assert() triggering.\n\nIn case xenstored was built with NDEBUG #defined nothing bad will\nhappen, as assert() is doing nothing in this case. Note that the\ndefault is not to define NDEBUG for xenstored builds even in release\nbuilds of Xen.",
  "id": "GHSA-9879-vj7m-r497",
  "modified": "2026-05-19T18:32:08Z",
  "published": "2026-05-19T15:31:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-23557"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xenproject.org/xsa/advisory-484.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2026/04/28/11"
    },
    {
      "type": "WEB",
      "url": "http://xenbits.xen.org/xsa/advisory-484.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

CVE-2026-23557 (GCVE-0-2026-23557)

Vulnerability from cvelistv5 – Published: 2026-05-19 12:49 – Updated: 2026-05-19 14:42

Title

Xenstored DoS via XS_RESET_WATCHES command

Summary

Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing nothing in this case. Note that the default is not to define NDEBUG for xenstored builds even in release builds of Xen.

Severity

6.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CWE

CWE-617 - Reachable Assertion

Assigner

XEN

References

1 reference

URL	Tags
https://xenbits.xenproject.org/xsa/advisory-484.html

Impacted products

1 product

Vendor	Product	Version
Xen	Xen	Unknown: consult Xen advisory XSA-484

Date Public

2026-04-28 12:00

Credits

This issue was discovered by Andrii Sultanov of Vates.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-19T13:06:41.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/04/28/11"
          },
          {
            "url": "http://xenbits.xen.org/xsa/advisory-484.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 6.5,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "LOW",
              "scope": "CHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-23557",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-19T14:42:12.994792Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-617",
                "description": "CWE-617 Reachable Assertion",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-19T14:42:45.464Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "product": "Xen",
          "vendor": "Xen",
          "versions": [
            {
              "status": "unknown",
              "version": "consult Xen advisory XSA-484"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "All Xen systems from Xen 4.2 onwards are vulnerable. Systems up to\nXen 4.1 are not vulnerable.\n\nSystems using the C variant of xenstored or xenstore-stubdom built\nwithout NDEBUG are vulnerable. Systems using the OCaml variant of\nXenstore (oxenstored), or the C variant (xenstored or xenstore-stubdom)\nbuilt with NDEBUG defined are not vulnerable."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "This issue was discovered by Andrii Sultanov of Vates."
        }
      ],
      "datePublic": "2026-04-28T12:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES\ncommand within a transaction due to an assert() triggering.\n\nIn case xenstored was built with NDEBUG #defined nothing bad will\nhappen, as assert() is doing nothing in this case. Note that the\ndefault is not to define NDEBUG for xenstored builds even in release\nbuilds of Xen."
        }
      ],
      "impacts": [
        {
          "descriptions": [
            {
              "lang": "en",
              "value": "Any unprivileged domain can cause xenstored to crash, causing a\nDoS (denial of service) for any Xenstore action. This will result\nin an inability to perform further domain administration on the host."
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-19T12:49:42.202Z",
        "orgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
        "shortName": "XEN"
      },
      "references": [
        {
          "url": "https://xenbits.xenproject.org/xsa/advisory-484.html"
        }
      ],
      "title": "Xenstored DoS via XS_RESET_WATCHES command",
      "workarounds": [
        {
          "lang": "en",
          "value": "There is no known mitigation available."
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "23aa2041-22e1-471f-9209-9b7396fa234f",
    "assignerShortName": "XEN",
    "cveId": "CVE-2026-23557",
    "datePublished": "2026-05-19T12:49:42.202Z",
    "dateReserved": "2026-01-14T13:07:36.961Z",
    "dateUpdated": "2026-05-19T14:42:45.464Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

GHSA-9879-VJ7M-R497

CVE-2026-23557 (GCVE-0-2026-23557)

Tags

Sightings

Nomenclature