libvchan (a library for inter-domain communication) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause a libvchan-using facility to read or write past the end of the ring.
libvchan-using facilities are vulnerable to denial of service and perhaps privilege escalation.
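The flaw described above comes down to trusting ring indices that the peer domain can write. The following is an added example, not libvchan's own code: the struct layout, field names, `RING_SIZE` and `ring_read` are hypothetical, and it shows a reader that snapshots and validates the shared indices before any copy.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define RING_SIZE 16u  /* power of two; constructed size for this example */

/* Hypothetical shared ring: the peer domain can write any field at any time. */
struct shared_ring {
    volatile uint32_t prod;   /* advanced by the (untrusted) writer */
    volatile uint32_t cons;   /* advanced by the reader */
    uint8_t data[RING_SIZE];
};

/* Copy up to len bytes out of the ring. Returns the number of bytes copied,
 * or -1 if the indices in shared memory describe an impossible state. */
long ring_read(struct shared_ring *r, uint8_t *out, size_t len)
{
    /* Snapshot each index once, so the peer cannot pass the check with one
     * value and drive the copy with another. A cross-domain ring also needs
     * a read barrier here; this single-threaded demo has no concurrent peer. */
    uint32_t prod = r->prod;
    uint32_t cons = r->cons;
    uint32_t avail = prod - cons;          /* well-defined modulo 2^32 */

    if (avail > RING_SIZE)                 /* peer claims more than fits */
        return -1;
    if (len > avail)
        len = avail;

    uint32_t off = cons & (RING_SIZE - 1); /* always inside data[] */
    size_t first = RING_SIZE - off;        /* bytes before the wraparound */
    if (first > len)
        first = len;
    memcpy(out, &r->data[off], first);
    memcpy(out + first, &r->data[0], len - first);

    r->cons = cons + (uint32_t)len;        /* publish only validated progress */
    return (long)len;
}
```

Without the `avail > RING_SIZE` check, a peer that sets `prod` far ahead of `cons` would make the copy length exceed the ring, which is the read or write past the end of the ring that the advisory describes.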
External reference:
http://seclists.org/oss-sec/2014/q1/264
Acknowledgements:
Red Hat would like to thank the Xen project for reporting this issue.
Statement:
Not vulnerable.
This issue does not affect the versions of the xen package as shipped with Red Hat Enterprise Linux 5 as it does not provide oxenstored.
This issue does not affect Red Hat Enterprise Linux 6 and Red Hat Enterprise MRG 2.