Description
Any guest issuing a Xenstore command accessing a node using the
(illegal) node path "/local/domain/", will crash xenstored due to a
clobbered error indicator in xenstored when verifying the node path.

Note that the crash is forced via a failing assert() statement in
xenstored. In case xenstored is being built with NDEBUG #defined,
an unprivileged guest trying to access the node path "/local/domain/"
will result in it no longer being serviced by xenstored, other guests
(including dom0) will still be serviced, but xenstored will use up
all cpu time it can get.
Published: 2026-03-23
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: Denial of Service
Action: Assess Impact
AI Analysis

Impact

The flaw allows an unprivileged guest to issue a Xenstore command that accesses the node path "/local/domain/", an illegal path. This triggers a crash in xenstored as it clobbers an error indicator while verifying the node path, causing a failing assert(). In builds where NDEBUG is defined, the crash does not terminate xenstored but forces it to consume all available CPU time, effectively denying service to the Xenstore daemon. The weakness is a classic assertion fault, identified as CWE‑617.

Affected Systems

This vulnerability affects Xen virtualization products from the Xen vendor. No specific version information is published, so all current Xen releases may be impacted until a patch is released.

Risk and Exploitability

The CVSS score of 7.1 indicates a medium to high severity. The EPSS score is below 1%, suggesting low exploitation likelihood, and the vulnerability is not listed in CISA's KEV catalog. The attack requires an unprivileged guest within the same Xen environment to trigger the node path access, meaning the vector is local to the guest rather than external. If an attacker gains the ability to submit Xenstore requests, they can force xenstored into a DoS state, degrading the entire virtualized host.

Generated by OpenCVE AI on March 23, 2026 at 16:22 UTC.

Remediation

Vendor Workaround

There is no known mitigation available.

OpenCVE Recommended Actions

  • Check for XSA-481 patch or an updated Xen release that addresses the xenstored crash.
  • Verify current Xen version and monitor vendor advisories for a fix.
  • If a patch is not yet available, monitor xenstored CPU usage and service availability for signs of DoS.
  • Consider restricting Xenstore access from unprivileged guests or disabling the vulnerable node path if possible.
  • Apply general best practices: keep Xen up to date, restrict guest permissions, and monitor system logs for xenstored anomalies.

Generated by OpenCVE AI on March 23, 2026 at 16:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 10 Apr 2026 20:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:o:xen:xen:*:*:*:*:*:*:x86:*

Tue, 24 Mar 2026 10:45:00 +0000

Type Values Removed Values Added
First Time appeared Xen
Xen xen
Vendors & Products Xen
Xen xen

Mon, 23 Mar 2026 15:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-617
Metrics cvssV3_1

{'score': 7.1, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 23 Mar 2026 08:30:00 +0000

Type Values Removed Values Added
References

Mon, 23 Mar 2026 07:15:00 +0000

Type Values Removed Values Added
Description Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored. In case xenstored is being built with NDEBUG #defined, an unprivileged guest trying to access the node path "/local/domain/" will result in it no longer being serviced by xenstored, other guests (including dom0) will still be serviced, but xenstored will use up all cpu time it can get.
Title Xenstored DoS by unprivileged domain
References

Subscriptions

Xen Xen
cve-icon MITRE

Status: PUBLISHED

Assigner: XEN

Published:

Updated: 2026-03-23T14:14:02.810Z

Reserved: 2026-01-14T13:07:36.961Z

Link: CVE-2026-23555

cve-icon Vulnrichment

Updated: 2026-03-23T07:32:28.482Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-23T07:16:07.330

Modified: 2026-04-10T20:38:17.427

Link: CVE-2026-23555

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-25T14:49:33Z

Weaknesses