CVE-2026-23557

EUVD-2026-30925
Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES
command within a transaction due to an assert() triggering.

In case xenstored was built with NDEBUG #defined nothing bad will
happen, as assert() is doing nothing in this case. Note that the
default is not to define NDEBUG for xenstored builds even in release
builds of Xen.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
Affected Products (NVD)
VendorProductVersion
xenxen
4.2.0 ≤
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bookworm
unimportant
bookworm (security)
unimportant
bullseye
unimportant
bullseye (security)
unimportant
forky
unimportant
sid
unimportant
trixie
unimportant
trixie (security)
unimportant
Common Weakness Enumeration
Vulnerability Media Exposure
References
https://xenbits.xenproject.org/xsa/advisory-484.html
http://www.openwall.com/lists/oss-security/2026/04/28/11
http://xenbits.xen.org/xsa/advisory-484.html