When dealing with the grant map space of add-to-physmap operations,
ARM specific code recognizes a number of error conditions, but fails
to release a lock being held on the respective exit paths.
A malicious guest administrator can cause a denial of service.
Specifically, prevent use of a physical CPU for an indefinite period
of time.
Upstream patch:
http://seclists.org/oss-sec/2017/q3/att-341/xsa235.patch
References:
http://seclists.org/oss-sec/2017/q3/341