Information
| Advisory | XSA-483 |
|---|
| Public release | 2026-04-28 12:00 |
|---|
| Updated | 2026-04-28 12:01 |
|---|
| Version | 2 |
|---|
| CVE(s) | CVE-2026-23556 |
|---|
| Title | oxenstored keeps quota related use counts across domain destruction |
|---|
Files
advisory-483.txt (signed advisory file)
xsa483.patch
xsa483-4.17.patch
xsa483-xapi.patch
Advisory
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Xen Security Advisory CVE-2026-23556 / XSA-483
version 2
oxenstored keeps quota related use counts across domain destruction
UPDATES IN VERSION 2
====================
Public release.
ISSUE DESCRIPTION
=================
When oxenstored is tearing a domain down, the node data is cleaned up
but the usage counts are leaked.
When the domain ID is eventually reused, the new domain can create fewer
nodes before beeing deemed to be over quota.
IMPACT
======
Over an extended period of time, new domains will be able to create
fewer and fewer nodes in xenstored, until they are eventually unable to
operate at all.
A buggy or malicious domain can speed this process up by deliberately
hitting it's quota, and then rebooting.
VULNERABLE SYSTEMS
==================
All versions of Xen containing the XSA-419 fixes are vulnerable.
Only systems configured to use oxenstored (Ocaml xenstored) are
vulnerable. Systems configured to xenstored (C xenstored) are not
vulnerable.
MITIGATION
==========
Performing a xenstore live update mitigates the issue.
CREDITS
=======
This issue was discovered by Andrii Sultanov of Vates.
RESOLUTION
==========
Applying the appropriate attached patch resolves this issue.
Note that patches for released versions are generally prepared to
apply to the stable branches, and may not apply cleanly to the most
recent release tarball. Downstreams are encouraged to update to the
tip of the stable branch before applying these patches.
xsa483.patch xen-unstable - Xen 4.18.x
xsa483-4.17.patch Xen 4.17.x
xsa483-xapi.patch XAPI oxenstored
$ sha256sum xsa483*
4be3acc57dcd5e2719cab165729879757a1915c33b848a37623dd4a5f1157746 xsa483.patch
389b0411d855894adff6f640dcbd3358adc6d4cb9ddeedbcb9cb2c345af67d51 xsa483-4.17.patch
ec191a1e158eddd22bfbd764f26f6b6a0b75b9fe0a223dc66da1c4a16ef73122 xsa483-xapi.patch
$
DEPLOYMENT DURING EMBARGO
=========================
Deployment of the patches and/or mitigations described above (or
others which are substantially similar) is permitted during the
embargo, even on public-facing systems with untrusted guest users and
administrators.
But: Distribution of updated software is prohibited (except to other
members of the predisclosure list).
Predisclosure list members who wish to deploy significantly different
patches and/or mitigations, please contact the Xen Project Security
Team.
(Note: this during-embargo deployment notice is retained in
post-embargo publicly released Xen Project advisories, even though it
is then no longer applicable. This is to enable the community to have
oversight of the Xen Project Security Team's decisionmaking.)
For more information about permissible uses of embargoed information,
consult the Xen Project community's agreed Security Policy:
http://www.xenproject.org/security-policy.html
-----BEGIN PGP SIGNATURE-----
iQFABAEBCAAqFiEEI+MiLBRfRHX6gGCng/4UyVfoK9kFAmnwoPIMHHBncEB4ZW4u
b3JnAAoJEIP+FMlX6CvZM8EH/iXC6hLQHAVLeRCfUEZ1ncM7029KPyRxLIOlthCS
cAyMNjyVSckGMRgKvYWCpl/fN1v/2yv3olIIR9wtncaq8Q+iMkwOsw1P46fmsh3J
40pK6PnaP1/kRrua1ZANlUc8YUhWG8fE2ADPHCIo57qbO1fXVUEWARdgU5gYIkF4
Kz+dvkpEEiTdRe24zqfn9Bv4lDsihfq3B9zecEuqMj3L88FrMP9VfBJZMbx9N/Pb
TUE/FltETdWqMLeIyb7r3P5OPrLRYk6ebgrX96Pb3f0d1/OC8E4Me3RNvGoArmOI
f8R0M/zly0lmoJspJFtI2C7BdUIKB/59z/Sz2YC706AJBO0=
=mbDG
-----END PGP SIGNATURE-----
Xenproject.org Security Team