CVEFinder.io

CVE-2026-23555

⚠️ high
πŸ” Scan for this CVE
Summary

Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored. In case xenstored is being built with NDEBUG #defined, an unprivileged guest trying to access the node path "/local/domain/" will result in it no longer being serviced by xenstored, other guests (including dom0) will stil

Description

Any guest issuing a Xenstore command accessing a node using the
(illegal) node path "/local/domain/", will crash xenstored due to a
clobbered error indicator in xenstored when verifying the node path.

Note that the crash is forced via a failing assert() statement in
xenstored. In case xenstored is being built with NDEBUG #defined,
an unprivileged guest trying to access the node path "/local/domain/"
will result in it no longer being serviced by xenstored, other guests
(including dom0) will still be serviced, but xenstored will use up
all cpu time it can get.

CVSS Score
7.1
High
EPSS Score
0.0
Exploit Probability
Published Date
2026-03-23
First Seen: 2026-03-24
πŸ“Š Relative Risk Intelligence

This CVE is Moderate Risk - more severe than 53.4% of all 321,566 vulnerabilities in our database.

#149,865
Above average severity
Severity Percentile
🎯 CISA SSVC Assessment Updated: Mar 23, 2026
πŸ” Exploitation Status
None
No known exploits
βš™οΈ Automatable
NO
Requires human interaction
πŸ’₯ Technical Impact
Partial
Limited system impact
πŸ† Discovered By
This issue was discovered by Marek Marczykowski-GΓ³reckiof Invisible Things Lab.
SSVC data provided by CISA
Last Modified 2026-04-10
Source NVD πŸ”—
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-617

πŸ“¦ Affected Products 1

Vendor Product Status Affected Versions
xen xen Affected
> 4.18.0

πŸ”— References 3

https://xenbits.xenproject.org/xsa/advisory-481.html
Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/03/17/7
Mailing List Patch Third Party Advisory
http://xenbits.xen.org/xsa/advisory-481.html
Patch Vendor Advisory

πŸ”— Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-23557 πŸ”Ά medium 6.5 - Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() tri... 2026-05-19
CVE-2026-23558 ⚠️ high 7.8 - The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or ... 2026-05-19
CVE-2026-23554 ⚠️ high 7.8 0.0 The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, ... 2026-03-23
CVE-2025-58150 ⚠️ high 8.8 0.0 Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables... 2026-01-28
CVE-2026-23553 ℹ️ low 2.9 0.0 In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the pr... 2026-01-28
CVE-2025-58147 ⚠️ high 7.5 0.0 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to whi... 2025-10-31
These CVEs affect the same products