VYPR

xenstored

by Xen

Source repositories

CVEs (10)

  • CVE-2018-15470MedAug 17, 2018
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in Xen through 4.11.x. The logic in oxenstored for handling writes depended on the order of evaluation of expressions making up a tuple. As indicated in section 7.7.3 "Operations on data structures" of the OCaml manual, the order of evaluation of…

  • CVE-2026-23555HigMar 23, 2026
    risk 0.39cvss 7.1epss 0.00

    Any guest issuing a Xenstore command accessing a node using the (illegal) node path "/local/domain/", will crash xenstored due to a clobbered error indicator in xenstored when verifying the node path. Note that the crash is forced via a failing assert() statement in xenstored.…

  • CVE-2017-14317MedSep 12, 2017
    risk 0.36cvss 5.6epss 0.00

    A domain cleanup issue was discovered in the C xenstore daemon (aka cxenstored) in Xen through 4.9.x. When shutting down a VM with a stubdomain, a race in cxenstored may cause a double-free. The xenstored daemon may crash, resulting in a DoS of any parts of the system relying on…

  • CVE-2026-23557MedMay 19, 2026
    risk 0.35cvss 6.5epss 0.00

    Any guest can cause xenstored to crash by issuing a XS_RESET_WATCHES command within a transaction due to an assert() triggering. In case xenstored was built with NDEBUG #defined nothing bad will happen, as assert() is doing nothing in this case. Note that the default is not to…

  • CVE-2023-34323Jan 5, 2024
    risk 0.00cvss epss 0.00

    When a transaction is committed, C Xenstored will first check the quota is correct before attempting to commit any nodes. It would be possible that accounting is temporarily negative if a node has been removed outside of the transaction. Unfortunately, some versions of C…

  • CVE-2022-42317Nov 1, 2022
    risk 0.00cvss epss 0.00

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in…

  • CVE-2022-42326Nov 1, 2022
    risk 0.00cvss epss 0.00

    Xenstore: Guests can create arbitrary number of nodes via transactions T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] In case a node has been created in a transaction and it is later deleted in the…

  • CVE-2022-42312Nov 1, 2022
    risk 0.00cvss epss 0.00

    Xenstore: guests can let run xenstored out of memory T[his CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE.] Malicious guests can cause xenstored to allocate vast amounts of memory, eventually resulting in…

  • CVE-2020-29479Dec 15, 2020
    risk 0.00cvss epss 0.00

    An issue was discovered in Xen through 4.14.x. In the Ocaml xenstored implementation, the internal representation of the tree has special cases for the root node, because this node has no parent. Unfortunately, permissions were not checked for certain operations on the root…

  • CVE-2013-4416Nov 2, 2013
    risk 0.00cvss epss 0.01

    The Ocaml xenstored implementation (oxenstored) in Xen 4.1.x, 4.2.x, and 4.3.x allows local guest domains to cause a denial of service (domain shutdown) via a large message reply.