Detections
Analytics

Xen: Xenstored DoS by unprivileged domain (XSA-481)

high Nessus Plugin ID 318808

Synopsis

The remote Xen hypervisor installation is missing a security update.

Description

Any guest issuing a Xenstore command accessing a node using the (illegal) node path '/local/domain/', will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored. In case xenstored is being built with NDEBUG #defined, an unprivileged guest trying to access the node path '/local/domain/' will result in it no longer being serviced by xenstored, other guests (including dom0) will still be serviced, but xenstored will use up all cpu time it can get.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Apply the appropriate patch according to the vendor advisory.

See Also

https://xenbits.xenproject.org/xsa/advisory-481.html

Plugin Details

Severity: High

ID: 318808

File Name: xen_server_XSA-481.nasl

Version: 1.1

Type: Local

Family: Misc.

Published: 6/5/2026

Updated: 6/5/2026

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 4.9

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2026-23555

CVSS v3

Risk Factor: High

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

Vulnerability Information

CPE: cpe:/o:xen:xen

Required KB Items: installed_sw/Xen Hypervisor, Settings/ParanoidReport

Patch Publication Date: 3/17/2026

Vulnerability Publication Date: 3/17/2026

Reference Information

CVE: CVE-2026-23555

IAVB: 2026-B-0069