CVE-2026-23557

NameCVE-2026-23557
DescriptionAny guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing nothing in this case. Note that the default is not to define NDEBUG for xenstored builds even in release builds of Xen.
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
xen (PTS)bullseye4.14.6-1vulnerable
bullseye (security)4.14.5+94-ge49571868d-1vulnerable
bookworm, bookworm (security)4.17.5+72-g01140da4e8-1vulnerable
trixie4.20.2+37-g61ff35323e-0+deb13u1vulnerable
trixie (security)4.20.2+7-g1badcf5035-0+deb13u1vulnerable
forky, sid4.20.2+37-g61ff35323e-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
xensource(unstable)(unfixed)unimportant

Notes

https://xenbits.xen.org/xsa/advisory-484.html
Debian uses the ocaml-based xenstored
Search for package or bug name: Reporting problems