The pv bootloader doesn't check the size of a bzip2- or lzma-compressed kernel image. Denial of service can be caused by padding a large file at the end of the kernel image, which can be used by a malicious domU root to cause OOM conditions on the host. Acknowledgements: Red Hat would like to thank Xinli Niu for reporting this issue.
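The mitigation the description implies is to bound how much a decompressor is allowed to produce before the host ever holds the whole image in memory. The following is an added example, not code from the Xen pv bootloader or from Red Hat: it decompresses a bzip2-, xz- or legacy lzma-compressed blob incrementally and aborts as soon as the output would exceed a caller-supplied limit, so a tiny compressed image that expands into gigabytes of padding is rejected with a bounded allocation. The sample images, the `bounded_decompress` / `image_fits` names and the 64 KiB limit are constructed for illustration.

```python
import bz2
import lzma


class ImageTooLarge(Exception):
    """Raised when the decompressed image would exceed the configured limit."""


def _decompressor_for(data: bytes):
    # Pick the decompressor from the stream magic. The legacy .lzma
    # ("LZMA_alone") check is a heuristic: its header has no fixed magic,
    # only a properties byte that is 0x5D for the usual lc=3,lp=0,pb=2.
    if data.startswith(b"BZh"):
        return bz2.BZ2Decompressor()
    if data.startswith(b"\xfd7zXZ\x00") or (len(data) > 13 and data[0] == 0x5D):
        return lzma.LZMADecompressor()  # FORMAT_AUTO handles .xz and .lzma
    raise ValueError("unrecognised compression magic")


def bounded_decompress(data: bytes, max_out: int, chunk: int = 1 << 16) -> bytes:
    """Decompress data, never buffering more than max_out (+1) output bytes.

    Input is fed in `chunk`-sized pieces and output is requested with
    max_length, so memory use is bounded by max_out regardless of how
    compressible the padding at the end of the image is.
    """
    dec = _decompressor_for(data)
    out = bytearray()
    pos = 0
    while not dec.eof:
        if dec.needs_input:
            if pos >= len(data):
                raise ValueError("truncated compressed stream")
            piece = data[pos:pos + chunk]
            pos += len(piece)
        else:
            piece = b""  # decompressor still holds buffered output
        # Ask for one byte more than allowed so an oversized image is
        # detected without first materialising all of it.
        room = max_out - len(out) + 1
        out += dec.decompress(piece, max_length=room)
        if len(out) > max_out:
            raise ImageTooLarge(
                f"decompressed image exceeds {max_out} bytes (stopped early)")
    return bytes(out)


def image_fits(data: bytes, max_out: int) -> bool:
    """True if the image decompresses to at most max_out bytes."""
    try:
        bounded_decompress(data, max_out)
        return True
    except ImageTooLarge:
        return False


# Constructed sample: a small "kernel" followed by 2 MiB of zero padding,
# which compresses to a few hundred bytes but expands to >2 MiB.
SAMPLE_PAYLOAD = b"vmlinuz-sample" * 100 + b"\x00" * (2 * 1024 * 1024)
SAMPLE_BZ2 = bz2.compress(SAMPLE_PAYLOAD)
SAMPLE_XZ = lzma.compress(SAMPLE_PAYLOAD, format=lzma.FORMAT_XZ)
SAMPLE_LZMA_ALONE = lzma.compress(SAMPLE_PAYLOAD, format=lzma.FORMAT_ALONE)

if __name__ == "__main__":
    limit = 64 * 1024  # hypothetical per-guest kernel size cap
    for name, blob in (("bzip2", SAMPLE_BZ2), ("xz", SAMPLE_XZ),
                       ("lzma", SAMPLE_LZMA_ALONE)):
        print(f"{name}: {len(blob)} compressed bytes, "
              f"fits in {limit} bytes: {image_fits(blob, limit)}")
```

Because the loop requests at most `max_out - len(out) + 1` bytes per call, the host's peak allocation is the limit plus one byte, not the full expanded size; a sane cap (a few times the largest kernel you expect to boot) turns the OOM into a clean refusal that can be logged per domain.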
http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817#c4 This has been assigned CVE-2012-2625 by MITRE.
This is public, http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1817.
Upstream fix: http://xenbits.xensource.com/hg/xen-unstable.hg/rev/60f09d1ab1fe
This issue has been addressed in the following products: Red Hat Enterprise Linux 5 via RHSA-2012:1130 https://rhn.redhat.com/errata/RHSA-2012-1130.html