XSA-302 relies on the use of libxl's "assignable-add" feature to prepare devices to be assigned to untrusted guests. However this is not a strictly required step. The PCI passthrough documentation on the wiki describes alternate ways of preparing devices for assignment. Hosts where these methods are used will still leave the system in a vulnerable state after the device comes back from a guest.
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1780559]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):