Published: 16 January 2013
The xen_failsafe_callback function in Xen for the Linux kernel 2.6.23 and other versions, when running a 32-bit PVOPS guest, allows local users to cause a denial of service (guest crash) by triggering an iret fault, leading to use of an incorrect stack pointer and stack corruption.
From the Ubuntu security team
Andrew Cooper of Citrix reported a Xen stack corruption in the Linux kernel. An unprivileged user in a 32bit PVOPS guest can cause the guest kernel to crash, or operate erroneously.