When using the FIFO-based event channels, there are no checks for the
existence of a control block when binding an event or moving it to a
different VCPU. As a result, a buggy or malicious guest can crash the
host.
References:
http://xenbits.xen.org/xsa/advisory-107.html
http://www.openwall.com/lists/oss-security/2014/09/09/22
Acknowledgements:
Red Hat would like to thank the Xen project for reporting this issue. Xen acknowledges
Vitaly Kuznetsov from Red Hat as the original reporter of this issue and David
Vrabel of Citrix as the one who diagnosed this issue as having security
repercussions.