SB2026042901 - Fedora 44 update for xen

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2026042901

SB2026042901 - Fedora 44 update for xen

Published: April 29, 2026

Security Bulletin ID SB2026042901
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 50% Low 50%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 vulnerabilities.


1) Missing Release of Resource after Effective Lifetime (CVE-ID: CVE-2026-23556)

CWE-ID: CWE-772 - Missing Release of Resource after Effective Lifetime

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to cause a denial of service.

The vulnerability exists due to improper resource management in oxenstored quota use counts when tearing down and reusing domain IDs. A remote user can deliberately hit its quota and reboot a domain to cause a denial of service.

Only systems configured to use oxenstored are vulnerable.


2) Reachable assertion (CVE-ID: CVE-2026-23557)

CWE-ID: CWE-617 - Reachable Assertion

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote attacker to cause a denial of service.

The vulnerability exists due to an assertion failure in xenstored when processing an XS_RESET_WATCHES command within a transaction. A remote attacker can issue a crafted XS_RESET_WATCHES command within a transaction to cause a denial of service.

Only systems using the C variant of xenstored or xenstore-stubdom built without NDEBUG are vulnerable.


3) Race condition (CVE-ID: CVE-2026-23558)

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to escalate privileges, disclose sensitive information, or cause a denial of service.

The vulnerability exists due to a race condition in status page mapping via XENMEM_add_to_physmap when changing the grant table version from v2 to v1 in parallel with mapping status pages. A remote user can trigger concurrent grant table version changes and status page mappings to escalate privileges, disclose sensitive information, or cause a denial of service.

Only x86 HVM and PVH guests permitted to use grant table version 2 interfaces can leverage this vulnerability.


4) Observable discrepancy (CVE-ID: CVE-2025-54505)

CWE-ID: CWE-203 - Observable discrepancy

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a local user to disclose sensitive information.

The vulnerability exists due to transient execution in floating-point divisor unit when executing floating-point operations in privileged code. A local user can sample data from the floating-point divisor unit to disclose sensitive information.

The issue affects systems with SMT enabled as well as systems without SMT.


Remediation

Install update from vendor's website.

References