David Vrabel

#21397 of 53,638
11.4 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2022-7325
6.5
2022-11-01
Xenstore · Xenstore · CVE-2022-42321
**Name of the Vulnerable Software and Affected Versions**

Xenstore (affected versions not specified)

**Description**

The issue is related to uncontrolled recursion in Xenstore operations, such as deleting a sub-tree of Xenstore nodes. This can lead to stack exhaustion on xenstored, resulting in a crash. The problem arises when there are sufficiently deep nesting levels.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2015-3843
4.9
2015-01-12
Xen · Xen · CVE-2014-6268
**Name of the Vulnerable Software and Affected Versions**

Xen versions 4.4.x

**Description**

The issue allows local guest users to cause a denial of service, resulting in a host crash. This can be achieved through vectors involving an uninitialized FIFO-based event channel control block, specifically when binding or moving an event to a different VCPU.

**Recommendations**

For Xen version 4.4.x, consider restricting access to the evtchn fifo set pending function as a temporary workaround until a patch is available.