Xen before 4.1.x, 4.2.x, and 4.3.x does not take the pagealloclock and grant_table.lock in the same order, which allows local guest administrators with access to multiple vcpus to cause a denial of service (host deadlock) via unspecified vectors.
{ "urgency": "not yet assigned" }