Primary

Context

Xenstored Denial-of-Service Vulnerability via XS_RESET_WATCHES Command

Vulnerability

A denial-of-service vulnerability has been identified in the Xenstored component of the Xen hypervisor. Any guest can cause xenstored to crash by issuing an XS_RESET_WATCHES command within a transaction, triggering an assertion failure. This vulnerability affects all Xen systems from version 4.2 onwards, except those using the OCaml variant of Xenstore (oxenstored) or the C variant built with NDEBUG defined. The issue disrupts Xenstore operations, leading to a failure in domain administration on the host.

Impact

Exploitation of this vulnerability causes xenstored to crash, disrupting all Xenstore actions. This crash prevents further domain administration on the host, creating a significant management hurdle.

Remediation

The vulnerability can be resolved by applying the appropriate patch. Patches for this vulnerability are available for Xen 4.17.x and Xen 4.18.x. Note that these patches should be applied to the tip of the stable branch.

Added: May 19, 2026, 3:01 PM

Updated: May 19, 2026, 3:01 PM

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

3.3

remediation

6.0

relevance

8.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.2

impact

2.5

exploitability

3.3

remediation

6.0

relevance

8.8

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Xenstored Denial-of-Service Vulnerability via XS_RESET_WATCHES Command

Vulnerability

Impact

Remediation

Affected Products

Xen

Xenstored

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating