Acceleration support for the "REP MOVS" instruction, when the first iteration accesses memory mapped I/O emulated internally in the hypervisor, incorrectly assumes that the whole range accessed is handled by the same hypervisor sub-component. A buggy or malicious HVM guest can crash the host.

Acknowledgements: Red Hat would like to thank the Xen project for reporting this issue.
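A simplified model of the flaw described above, added here as an illustration; it is not Xen code and not the upstream patch. The region table, owner ids and function names are hypothetical, and only ascending copies are modeled.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: two adjacent, internally emulated MMIO windows,
 * each owned by a different (hypothetical) hypervisor sub-component. */
struct mmio_region { uint64_t base, len; int owner; };

static const struct mmio_region regions[] = {
    { 0x10000, 0x1000, 1 },   /* sub-component 1 */
    { 0x11000, 0x1000, 2 },   /* sub-component 2 */
};

static const struct mmio_region *find_region(uint64_t addr)
{
    for (size_t i = 0; i < sizeof(regions) / sizeof(regions[0]); i++)
        if (addr >= regions[i].base && addr - regions[i].base < regions[i].len)
            return &regions[i];
    return NULL;
}

/* Flawed pattern: the owner of the first element is assumed to own
 * every element of the repeated access; size and count are ignored. */
int owner_first_iteration_only(uint64_t addr, uint32_t size, uint64_t count)
{
    const struct mmio_region *r = find_region(addr);
    (void)size;
    (void)count;
    return r ? r->owner : 0;
}

/* Hardened pattern: return how many iterations lie wholly inside the
 * region that owns the first element. The caller hands only that many
 * to the owner and re-dispatches the rest one element at a time. */
uint64_t reps_owned(uint64_t addr, uint32_t size, uint64_t count)
{
    const struct mmio_region *r = find_region(addr);
    if (!r || size == 0)
        return 0;
    uint64_t room = r->len - (addr - r->base);  /* bytes left in the region */
    uint64_t fit = room / size;                 /* whole elements that fit */
    return count < fit ? count : fit;
}
```

With a 4-element copy of 4-byte units starting 8 bytes before the end of the first window, the flawed check assigns the whole range to owner 1, while the bounded check hands over only the 2 elements that actually fall inside it.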
Statement: This issue does affect the versions of the kernel-xen package as shipped with Red Hat Enterprise Linux 5. Future kernel-xen updates for Red Hat Enterprise Linux 5 may address this issue.
Created attachment 959509: upstream patch
External References: http://xenbits.xen.org/xsa/advisory-112.html
This issue has been addressed in the following products:

Red Hat Enterprise Linux 5 via RHSA-2015:0783 https://rhn.redhat.com/errata/RHSA-2015-0783.html