The HVM_PARAM_CALLBACK_IRQ operation of HYPERVISOR_hvm_op sub-op HVMOP_set_param is intended to log the new callback method in debug builds only. The full message, however, is split into two parts, and the second part is not suppressed on non-debug builds as intended. These log messages are not rate-limited and can be triggered by guests.
A malicious guest could cause repeated logging to the hypervisor console, leading to a Denial of Service.
Xen version 4.6 is affected. Older Xen versions are unaffected. ARM systems are not affected. Only x86 HVM guests can expose this vulnerability.
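
The split-message pattern described above can be modelled in a few lines of C. This is an added illustration, not Xen source code: the logger, the function names, the message text and the runtime `debug_build` flag (standing in for a compile-time debug switch) are all assumptions made for the example.

```c
#include <stdarg.h>
#include <stdbool.h>
#include <stdio.h>

/* Model only: every name and message here is hypothetical, not Xen's API. */
static bool debug_build;              /* stands in for a compile-time switch */
static unsigned long console_writes;  /* fragments that reached the console */
static char last_write[128];

/* Unconditional console write: always reaches the console. */
static void console_log(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_write, sizeof(last_write), fmt, ap);
    va_end(ap);
    console_writes++;
}

/* Debug-only write: suppressed entirely on non-debug builds. */
#define debug_log(...) do { if (debug_build) console_log(__VA_ARGS__); } while (0)

/* Flawed pattern: the prefix is debug-gated, the suffix is not. */
static void set_callback_split(unsigned dom, unsigned gsi)
{
    debug_log("dom%u callback method: ", dom);
    console_log("GSI %u\n", gsi);
}

/* Corrected pattern: the whole message goes through one debug-gated call. */
static void set_callback_whole(unsigned dom, unsigned gsi)
{
    debug_log("dom%u callback method: GSI %u\n", dom, gsi);
}

/* Count console writes produced by n guest-triggered parameter changes. */
static unsigned long writes_for(bool debug, bool split, unsigned n)
{
    debug_build = debug;
    console_writes = 0;
    for (unsigned i = 0; i < n; i++)
        (split ? set_callback_split : set_callback_whole)(1, i);
    return console_writes;
}

int main(void)
{
    printf("non-debug, split: %lu writes\n", writes_for(false, true, 1000));
    printf("non-debug, whole: %lu writes\n", writes_for(false, false, 1000));
    return 0;
}
```

On a non-debug build the split form still produces one console write per guest request, while the single-call form produces none.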