CVEFinder.io

CVE-2026-23557

đŸ”ļ medium
🔍 Scan for this CVE
Summary

Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing nothing in this case. Note that the default is not to define NDEBUG for xenstored builds even in release builds of Xen.

CVSS Score
6.5
Medium
EPSS Score
-
Published Date
2026-05-19
First Seen: 2026-05-20
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 47.8% of all 321,566 vulnerabilities in our database.

#167,705
Below average severity
Severity Percentile
đŸŽ¯ CISA SSVC Assessment Updated: May 19, 2026
🔍 Exploitation Status
None
No known exploits
⚙ī¸ Automatable
NO
Requires human interaction
đŸ’Ĩ Technical Impact
Partial
Limited system impact
🏆 Discovered By
This issue was discovered by Andrii Sultanov of Vates.
SSVC data provided by CISA
Last Modified 2026-05-19
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE IDs (Weakness Types)
CWE-617

đŸ“Ļ Affected Products 1

Vendor Product Status Affected Versions
xen xen Affected
> 4.2.0

🔗 References 3

https://xenbits.xenproject.org/xsa/advisory-484.html
Patch Vendor Advisory
http://www.openwall.com/lists/oss-security/2026/04/2...
Mailing List Patch Third Party Advisory
http://xenbits.xen.org/xsa/advisory-484.html
Patch Vendor Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2026-23558 ⚠ī¸ high 7.8 - The adjustments made for XSA-379 as well as those subsequently becoming XSA-387 still left a race window, when a HVM or ... 2026-05-19
CVE-2026-23554 ⚠ī¸ high 7.8 0.0 The Intel EPT paging code uses an optimization to defer flushing of any cached EPT state until the p2m lock is dropped, ... 2026-03-23
CVE-2026-23555 ⚠ī¸ high 7.1 0.0 Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstor... 2026-03-23
CVE-2025-58150 ⚠ī¸ high 8.8 0.0 Shadow mode tracing code uses a set of per-CPU variables to avoid cumbersome parameter passing. Some of these variables... 2026-01-28
CVE-2026-23553 ℹī¸ low 2.9 0.0 In the context switch logic Xen attempts to skip an IBPB in the case of a vCPU returning to a CPU on which it was the pr... 2026-01-28
CVE-2025-58147 ⚠ī¸ high 7.5 0.0 [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to whi... 2025-10-31
These CVEs affect the same products