A VM that controls a PCI[E] device directly can cause it to issue DMA requests to invalid addresses. Although these requests are denied by the IOMMU, the hypervisor needs to handle the interrupt and clear the error from the IOMMU, and this can be used to live-lock a CPU and potentially hang the host.
A malicious guest administrator of a VM that has direct control of a PCI[E] device can cause a performance degradation, and possibly hang the host.
changeset 23762:537ed3b74b3f of xen-unstable.hg
changeset 23112:84e3706df07a of xen-4.1-testing.hg
The versions of the Linux kernel as shipped with Red Hat Enterprise Linux 4, 6,
and Red Hat Enterprise MRG are not affected. It has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2011-1386.html.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2011:1386 https://rhn.redhat.com/errata/RHSA-2011-1386.html