Tavis Ormandy discovered that the icebp instruction can be abused to terminate the emulation, resulting in denial of service. public via http://taviso.decsystem.org/virtsec.pdf also see http://lists.xensource.com/archives/html/xen-devel/2007-05/msg00021.html
Not vulnerable. This issue did not affect Xen as shipped with Red Hat Enterprise Linux 5.