CVE-2026-23557 PUBLISHED

Xenstored DoS via XS_RESET_WATCHES command

Assigner: XEN
Reserved: 14.01.2026 Published: 19.05.2026 Updated: 19.05.2026

Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering.

In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing nothing in this case. Note that the default is not to define NDEBUG for xenstored builds even in release builds of Xen.

Product Status

Vendor	Xen
Product	Xen
Versions	Default: unknown Version consult Xen advisory XSA-484 is unknown

Affected Configurations

All Xen systems from Xen 4.2 onwards are vulnerable. Systems up to Xen 4.1 are not vulnerable.

Systems using the C variant of xenstored or xenstore-stubdom built without NDEBUG are vulnerable. Systems using the OCaml variant of Xenstore (oxenstored), or the C variant (xenstored or xenstore-stubdom) built with NDEBUG defined are not vulnerable.

Workarounds

There is no known mitigation available.

Credits

This issue was discovered by Andrii Sultanov of Vates. finder

References

https://xenbits.xenproject.org/xsa/advisory-484.html

Impacts

Any unprivileged domain can cause xenstored to crash, causing a DoS (denial of service) for any Xenstore action. This will result in an inability to perform further domain administration on the host.