Vulnerability Summary Advisory: XSA-277 Public Release: 2018-11-20 12:00 Updated: 2019-01-08 16:43 Version: 3 CVE(s): CVE-2018-19964 Title: x86: incorrect error handling for guest p2m page removals Key Vulnerability Information Issue Description: The internal function querying a domain's p2m table grabs the p2m lock by default. If the caller does not release the lock, certain failure paths can cause a deadlock, leading to a potential Denial of Service (DoS). Impact: A malicious or buggy guest may cause a deadlock, resulting in a DoS affecting the entire host. Vulnerable Systems: - Xen 4.11 and onward. - Only x86 systems are affected; ARM systems are not. - Only systems running untrusted HVM or PVH guests are vulnerable. Mitigation: Run only PV guests to avoid this vulnerability. Resolution: Apply the attached patch ( ) to and . Deployment During Embargo: Deployment of patches and mitigations is permitted during embargo for systems with untrusted guest users and administrators, but distribution of updated software is prohibited except to pre-disclosure list members. Discovery Credit: This issue was discovered by Paul Durrant of Citrix.