{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"cveId":"CVE-2026-23555","assignerOrgId":"23aa2041-22e1-471f-9209-9b7396fa234f","state":"PUBLISHED","assignerShortName":"XEN","dateReserved":"2026-01-14T13:07:36.961Z","datePublished":"2026-03-23T06:57:07.653Z","dateUpdated":"2026-03-23T14:14:02.810Z"},"containers":{"cna":{"title":"Xenstored DoS by unprivileged domain","datePublic":"2026-03-17T12:00:00.000Z","descriptions":[{"lang":"en","value":"Any guest issuing a Xenstore command accessing a node using the\n(illegal) node path \"/local/domain/\", will crash xenstored due to a\nclobbered error indicator in xenstored when verifying the node path.\n\nNote that the crash is forced via a failing assert() statement in\nxenstored. In case xenstored is being built with NDEBUG #defined,\nan unprivileged guest trying to access the node path \"/local/domain/\"\nwill result in it no longer being serviced by xenstored, other guests\n(including dom0) will still be serviced, but xenstored will use up\nall cpu time it can get."}],"impacts":[{"descriptions":[{"lang":"en","value":"Any unprivileged domain can cause xenstored to crash, causing a\nDoS (denial of service) for any Xenstore action. This will result\nin an inability to perform further domain administration on the host.\n\nIn case xenstored has been built with NDEBUG defined, an unprivileged\ndomain can force xenstored to be 100% busy, but without harming\nxenstored functionality for other guests otherwise."}]}],"affected":[{"defaultStatus":"unknown","product":"Xen","vendor":"Xen","versions":[{"status":"unknown","version":"consult Xen advisory XSA-481"}]}],"configurations":[{"lang":"en","value":"All Xen systems from Xen 4.18 onwards are vulnerable. Systems up to\nXen 4.17 are not vulnerable.\n\nSystems using the C variant of xenstored are vulnerable. Systems using\nxenstore-stubdom or the OCaml variant of Xenstore (oxenstored) are not\nvulnerable."}],"workarounds":[{"lang":"en","value":"There is no known mitigation available."}],"credits":[{"lang":"en","type":"finder","value":"This issue was discovered by Marek Marczykowski-Góreckiof\nInvisible Things Lab."}],"references":[{"url":"https://xenbits.xenproject.org/xsa/advisory-481.html"}],"providerMetadata":{"orgId":"23aa2041-22e1-471f-9209-9b7396fa234f","shortName":"XEN","dateUpdated":"2026-03-23T06:57:07.653Z"}},"adp":[{"title":"CVE Program Container","references":[{"url":"http://www.openwall.com/lists/oss-security/2026/03/17/7"},{"url":"http://xenbits.xen.org/xsa/advisory-481.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2026-03-23T07:32:28.482Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-617","lang":"en","description":"CWE-617 Reachable Assertion"}]}],"metrics":[{"cvssV3_1":{"scope":"CHANGED","version":"3.1","baseScore":7.1,"attackVector":"LOCAL","baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"HIGH","privilegesRequired":"NONE","confidentialityImpact":"NONE"}},{"other":{"type":"ssvc","content":{"timestamp":"2026-03-23T14:11:41.150968Z","id":"CVE-2026-23555","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2026-03-23T14:14:02.810Z"}}]}}