ALPINE-CVE-2026-23556

Source
https://security.alpinelinux.org/vuln/CVE-2026-23556
Import Source
https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-23556.json
JSON Data
https://api.osv.dev/v1/vulns/ALPINE-CVE-2026-23556
Upstream
  • CVE-2026-23556
Withdrawn
2026-07-14T08:03:34.400070947Z
Published
2026-07-09T16:16:38.690Z
Modified
2026-07-14T08:03:34.400071221Z
Severity
  • 9.4 (Critical) CVSS_V4 - CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
[none]
Details

When oxenstored is tearing a domain down, the node data is cleaned up but the usage counts are leaked.

When the domain ID is eventually reused, the new domain can create fewer nodes before beeing deemed to be over quota.

References

Affected packages

Alpine:v3.20 / xen

Package

Name
xen
Purl
pkg:apk/alpine/xen?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-23556.json"

Alpine:v3.21 / xen

Package

Name
xen
Purl
pkg:apk/alpine/xen?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-23556.json"

Alpine:v3.22 / xen

Package

Name
xen
Purl
pkg:apk/alpine/xen?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-23556.json"

Alpine:v3.23 / xen

Package

Name
xen
Purl
pkg:apk/alpine/xen?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-23556.json"

Alpine:v3.24 / xen

Package

Name
xen
Purl
pkg:apk/alpine/xen?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/alpine/ALPINE-CVE-2026-23556.json"