When an x86 PV domain has a passed-through PCI device assigned, IOMMU
mappings may need to be updated when the type of a particular page
changes. Such an IOMMU operation may fail. In the event of failure,
while at present the affected guest would be forcibly crashed, the
already recorded additional type reference was not dropped again. This
causes a bug check to trigger while cleaning up after the crashed
guest.
Malicious or buggy x86 PV guest kernels can mount a Denial of Service
(DoS) attack affecting the whole system.
References:
https://seclists.org/oss-sec/2019/q1/159