← Advisory Index « MOKSHA-2026-0033 MOKSHA-2026-0035 »

MOKSHA-2026-0034: Coalesce Blocking via VDI.other_config leaf-coalesce

Advisory ID	MOKSHA-2026-0034
Semantic ID	DOC-5
Published	2026-04-24
CVSS 3.1	6.8 Medium
CVSS 3.1 Vector	`AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H`
CVSS 4.0	7.1 High
CVSS 4.0 Vector	`AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:H`
XAPI Object	`VDI`
XAPI Field	`other_config:leaf-coalesce`
Entry Role	vm-admin
Researcher	Jakob Wolffhechel, Moksha

Affected Products

Vendor	Product	Versions
Citrix / Cloud Software Group	XenServer / Citrix Hypervisor	all versions (shared XAPI codebase)
Vates	XCP-ng	8.3.0

Summary

A vm-admin in XAPI-based hypervisors (XenServer, XCP-ng) can permanently block VHD leaf coalesce operations on any VDI by setting VDI.other_config:leaf-coalesce to false. The SM garbage collector (cleanup.py) reads this key and skips leaf coalesce when the value is false. Snapshot chains grow unbounded, consuming storage until the SR reaches capacity or the VHD chain exceeds the maximum depth. The attack requires a single API call, produces no alert, and the effect persists indefinitely. The same mechanism allows setting gc=false or coalesce=false to disable all garbage collection on a VDI. The leaf-coalesce key has no per-key RBAC protection in datamodel.ml.

Vulnerability Description

VDI.other_config is a Map(String, String) field writable by vm-admin. The leaf-coalesce key is consumed by the SM garbage collector at cleanup.py:2149-2245 to decide whether to perform leaf coalesce operations on a VDI.

The code path:

vm-admin calls VDI.add_to_other_config(vdi, "leaf-coalesce", "false")
The SM garbage collector reads VDI.other_config during its periodic scan
cleanup.py:516 reads DB_LEAFCLSC = "leaf-coalesce" and checks its value
If the value is "false" (LEAFCLSC_DISABLED), the GC skips leaf coalesce for this VDI
Snapshot chains accumulate without being coalesced

Additional GC-disabling keys in VDI.other_config:

gc=false - disables garbage collection entirely for the VDI (cleanup.py:514)
coalesce=false - disables all coalesce operations (cleanup.py:515)

All three keys are unprotected by map_keys_roles. The VDI.other_config field only protects folder and XenCenter.CustomFields.* at _R_VM_OP.

Root Causes

Missing RBAC protection. VDI.other_config has no map_keys_roles entry for leaf-coalesce, gc, or coalesce. All are writable by vm-admin.
Direct SM GC control from user-writable field. The garbage collector's behavior is controlled by keys in a user-writable map field with no intermediate validation layer.
No monitoring or alerting. When coalesce is disabled, no alert or audit event is generated. The condition is invisible to administrators until storage exhaustion occurs.
Persistent effect. The key persists in the XAPI database indefinitely. Coalesce blocking survives VM restarts, host reboots, and pool maintenance operations.

Affected Systems

Directly Affected

XenServer / Citrix Hypervisor - all versions (shared SM driver codebase)
XCP-ng - all versions (confirmed on 8.3.0)

Indirectly Affected

Storage repositories - unbounded chain growth consumes SR capacity
All VMs on affected SR - storage exhaustion impacts all VMs sharing the SR
Backup systems - snapshot chain depth may exceed tool limits

Exploitation Scenarios

Scenario	Impact	Pre-conditions	Status
Leaf coalesce blocking	Snapshot chains grow unbounded until SR fills	vm-admin, VDI with snapshots on LVHD SR	Source-traced
Full GC disablement	Orphan VDIs accumulate, consuming storage indefinitely	vm-admin, LVHD SR with VDI lifecycle operations	Source-traced
Silent storage exhaustion	SR reaches capacity, all VMs on the SR experience I/O errors	vm-admin, coalesce blocked on one or more VDIs	Modeled
Chain depth exhaustion	VHD chain exceeds maximum depth, VDI operations fail	vm-admin, repeated snapshots with coalesce blocked	Modeled

Detection

Monitor VDI.other_config for leaf-coalesce=false, gc=false, or coalesce=false on production VDIs
Alert on snapshot chain depth exceeding normal thresholds (typically 2-3 levels after coalesce)
Monitor SR free space trends for unexpected consumption patterns
See rule D-05 in disclosure/vendor-detection-guidance.md

Remediation

Short-Term Mitigations

Audit all VDI.other_config records for leaf-coalesce, gc, and coalesce keys set to false
Remove unauthorized GC-disabling keys from production VDIs
Monitor SR free space and snapshot chain depth

Long-Term Fix

Add map_keys_roles. Protect leaf-coalesce, gc, and coalesce in datamodel.ml at _R_POOL_ADMIN to prevent vm-admin from controlling garbage collection behavior.

Separate GC policy from user-writable fields. Storage GC configuration should not be stored in other_config. Move GC policy to a dedicated, restricted configuration mechanism.

Upstream patches exist. They are held privately pending coordinated disclosure.

Disclosure

Disclosure:

Public release: 2026-04-24 08:00 CEST
CERT/CC notified: 2026-04-23
MITRE CVE reservation filed: 2026-04-09 (no response as of publication)
EU CVE registers notified: 2026-04-18 (GCVE/CIRCL, ENISA, DIVD - no response)
Vendor (Cloud Software Group / Citrix): not contacted pre-publication
Downstream maintainer (Vates/XCP-ng): contacted 2026-04-23 with conditional patch offer

References

XAPI source: datamodel.ml:6310-6315 (VDI.other_config field definition), cleanup.py:514-516 (GC key constants), cleanup.py:2149-2245 (leaf coalesce decision logic)
Thematic advisory: disclosure/advisories/doc-security-advisory.md (DOC-5)
Investigation: research/investigations/vdi-other-config.md

Credits

Discovered and reported by Jakob Wolffhechel, Moksha.

Machine-readable: MOKSHA-2026-0034.json (CVE JSON 5.1 schema)

← Advisory Index « MOKSHA-2026-0033 MOKSHA-2026-0035 »

Jakob Wolffhechel · Moksha · Copenhagen
jakob@wolffhechel.dk · +45 3170 7337
Published 2026-04-24 08:00 CEST · cna.moksha.dk · shittrix.moksha.dk