xen is vulnerable to denial of saervice. A race condition when migrating timers between x86 HVM vCPUs allows an attacker to cause a deadlock in the application which will result in a hang or application crash.
lists.opensuse.org/opensuse-security-announce/2020-10/msg00008.html
lists.fedoraproject.org/archives/list/[email protected]/message/4JRXMKEMQRQYWYEPHVBIWUEAVQ3LU4FN/
lists.fedoraproject.org/archives/list/[email protected]/message/DA633Y3G5KX7MKRN4PFEGM3IVTJMBEOM/
lists.fedoraproject.org/archives/list/[email protected]/message/RJZERRBJN6E6STDCHT4JHP4MI6TKBCJE/
security.gentoo.org/glsa/202011-06
www.debian.org/security/2020/dsa-4769
xenbits.xen.org/xsa/advisory-336.html