CVE-2026-23556

Xen · oxenstored

A resource leak in Xen oxenstored allows for improper node usage tracking during domain teardown, resulting in potential denial-of-service conditions for future domain IDs.

Executive summary

A critical resource leak vulnerability in the Xen oxenstored component allows unauthenticated attackers to trigger domain-wide denial-of-service conditions by exhausting node quotas.

Vulnerability

This vulnerability involves an improper preservation of permissions and state (CWE-281) where usage counts are leaked during domain teardown. Because the vulnerability is triggered by the reuse of domain IDs, an attacker can effectively manipulate the quota system for subsequent domains.

Business impact

The vulnerability carries a CVSS score of 9.4, reflecting a critical severity due to the potential for total impact on confidentiality, integrity, and availability. Successful exploitation allows an attacker to cause system instability or prevent the creation of new virtual domains, leading to significant service downtime and operational disruption.

Remediation

Immediate Action: Apply the vendor-supplied patch or update to the latest version of Xen oxenstored immediately.

Proactive Monitoring: Monitor system logs for unexpected domain teardown errors or anomalies in node allocation and quota management.

Compensating Controls: Restrict environment access to trusted users and implement strict resource limits for domain creation to minimize the potential impact of quota exhaustion.

Exploitation status

Public Exploit Available: False

Analyst recommendation

Given the critical severity of this vulnerability and the potential for complete system impact, immediate remediation is required. Organizations should prioritize updating their Xen environments to the latest patched version to prevent potential denial-of-service attacks.