CVE-2026-23555

Published: Mar 23, 2026 Last Modified: Mar 23, 2026
ExploitDB:
Other exploit source:
Google Dorks:

Description

AI Translation Available

Any guest issuing a Xenstore command accessing a node using the
(illegal) node path '/local/domain/', will crash xenstored due to a
clobbered error indicator in xenstored when verifying the node path.

Note that the crash is forced via a failing assert() statement in
xenstored. In case xenstored is being built with NDEBUG #defined,
an unprivileged guest trying to access the node path '/local/domain/'
will result in it no longer being serviced by xenstored, other guests
(including dom0) will still be serviced, but xenstored will use up
all cpu time it can get.

http://www.openwall.com/lists/oss-security/2026/03/17/7
http://www.openwall.com/lists/oss-security/2026/03/17/7
http://xenbits.xen.org/xsa/advisory-481.html
http://xenbits.xen.org/xsa/advisory-481.html
https://xenbits.xenproject.org/xsa/advisory-481.html
https://xenbits.xenproject.org/xsa/advisory-481.html