Impact
The Xen daemon xenstored can be terminated when any guest domain sends an XS_RESET_WATCHES command inside a transaction. The command triggers an assertion failure that aborts xenstored, removing the Xen interface that guests use to communicate with the hypervisor. Because xenstored is a privileged component, its termination makes the host's management functionality unavailable, effectively disabling control of all guest domains: a classic denial-of-service fault. The weakness is untrusted input reaching an unchecked assertion in a privileged process, corresponding to CWE-617.
Affected Systems
The vulnerability exists in any Xen hypervisor build where xenstored is compiled without defining the NDEBUG macro. Xen builds use the default configuration that does not define NDEBUG, so all standard releases compiled in that mode may be affected. No specific product or version numbers are listed, and the advisory does not mention a patch or erratum.
Risk and Exploitability
The CVSS score of 6.5 indicates moderate severity; the EPSS score is not available, so the likelihood of real-world exploitation cannot be quantified precisely. An attacker only needs the ability to run a guest domain that can issue xenstored commands, a condition typically satisfied in environments where guests are under the control of a user. The crash removes the Xen socket, so any subsequent attempt to talk to the hypervisor fails until xenstored is restarted, which requires either a machine reboot or a manual restart of the daemon. The vulnerability is not in the CISA KEV catalog, but its local nature does not reduce its impact on host availability.
OpenCVE Enrichment