XEN xenstored crash via XS_RESET_WATCHES Assert
CVE-2026-23557 Published on May 19, 2026

Xenstored DoS via XS_RESET_WATCHES command
Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing nothing in this case. Note that the default is not to define NDEBUG for xenstored builds even in release builds of Xen.

NVD

Vulnerability Analysis

CVE-2026-23557 can be exploited with local system access, and requires small amount of user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
LOCAL
Attack Complexity:
LOW
Privileges Required:
LOW
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
NONE
Integrity Impact:
NONE
Availability Impact:
HIGH

Weakness Type

What is an assertion failure Vulnerability?

The product contains an assert() or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary.

CVE-2026-23557 has been classified to as an assertion failure vulnerability or weakness.


Products Associated with CVE-2026-23557

Want to know whenever a new CVE is published for Citrix Xen Xen? stack.watch will email you.

Citrix Xen Xen
 

Affected Versions

Xen Version consult Xen advisory XSA-484 is unknown by CVE-2026-23557