An off-by-one flaw was found in one of the two patches for CVE-2020-27671 (XSA-346). This flaw allows malicious x86 HVM and PVH guests to cause host data corruption and data leaks, resulting in a denial of service or potential privilege escalation. The highest threat from this vulnerability is to confidentiality, integrity as well as system availability.
Avoid passing through physical devices to untrusted guests.