{
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "cveMetadata": {
    "cveId": "MOKSHA-2026-0088",
    "assignerOrgId": "moksha.dk",
    "x_moksha_note": "Self-issued advisory. MOKSHA-2026-NNNN is not a MITRE CVE ID. Schema follows CVE JSON 5.1 for tooling compatibility. CVE ID will be added to alternateIds when assigned by MITRE or another CNA.",
    "state": "PUBLISHED",
    "datePublished": "2026-04-24T06:00:00Z"
  },
  "containers": {
    "cna": {
      "providerMetadata": {
        "orgId": "moksha.dk",
        "shortName": "Moksha",
        "dateUpdated": "2026-04-24T06:00:00Z"
      },
      "title": "Int64 Overflow in bytes_per_interval via VIF.qos_algorithm_params",
      "descriptions": [
        {
          "lang": "en",
          "value": "A vm-admin in XAPI-based hypervisors (XenServer, XCP-ng) can set VIF.qos_algorithm_params kbps and timeslice_us values that cause Int64 overflow in the bytes_per_interval computation at device.ml:835-845. OCaml silently wraps on integer overflow, producing unexpected rate values. xenopsd bounds checking catches most overflow results, but edge cases where the wrapped value falls within the valid range produce rate limits unrelated to the configured kbps. The field has zero map_keys_roles entries."
        }
      ],
      "metrics": [
        {
          "format": "CVSS",
          "cvssV3_1": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
            "baseScore": 2.3,
            "baseSeverity": "LOW"
          }
        },
        {
          "format": "CVSS",
          "cvssV4_0": {
            "version": "4.0",
            "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM"
          }
        }
      ],
      "affected": [
        {
          "vendor": "Cloud Software Group",
          "product": "XenServer",
          "versions": [
            { "status": "affected", "version": "all", "versionType": "custom" }
          ]
        },
        {
          "vendor": "Vates",
          "product": "XCP-ng",
          "versions": [
            { "status": "affected", "version": "all", "versionType": "custom" }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Integer Overflow or Wraparound",
              "cweId": "CWE-190",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "lang": "en",
              "description": "Improper Input Validation",
              "cweId": "CWE-20",
              "type": "CWE"
            }
          ]
        }
      ],
      "references": [
        { "url": "https://cna.moksha.dk/MOKSHA-2026-0088" }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Jakob Wolffhechel, Moksha"
        }
      ]
    }
  }
}