When a guest issues a “Soft Reset” (e.g. for performing a kexec) the libxl-based Xen toolstack will normally perform an XS_RELEASE Xenstore operation.
Due to a bug in xenstored this can result in a crash of xenstored.
Any other use of XS_RELEASE will have the same impact.
A malicious guest could try to kexec until it hits the xenstored bug, resulting in the inability to perform any further domain administration like starting new guests, or adding/removing resources to or from any existing guest.
Only Xen version 4.17 is vulnerable. Systems running an older version of Xen are not vulnerable.
All Xen systems using C xenstored are vulnerable. Systems using the OCaml variant of xenstored are not vulnerable.
Systems running only PV guests (x86 only) are not vulnerable, as long as they are using a libxl-based toolstack.
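The conditions above can be turned into a host triage check. The following is an added example, not code from the advisory or the Xen project; it assumes the daemons run under their default process names (xenstored for the C variant, oxenstored for the OCaml variant) and that the operator supplies the list of guest types. The function names and sample input are constructed for illustration.

```python
VULNERABLE = (4, 17)  # the only affected release named in the advisory
def parse_xl_info(text):
    """Turn `xl info` style 'key : value' lines into a dict."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            info[key.strip()] = value.strip()
    return info

def xenstored_flavour(process_names):
    """Classify the daemon by process name (assumption: default binary
    names, xenstored for the C variant and oxenstored for OCaml)."""
    names = set(process_names)
    if "oxenstored" in names and "xenstored" not in names:
        return "ocaml"
    if "xenstored" in names and "oxenstored" not in names:
        return "c"
    return "unknown"

def assess(xl_info_text, process_names, guest_types, libxl=True):
    """Return (verdict, reason): 'affected', 'not affected' or 'check manually'."""
    info = parse_xl_info(xl_info_text)
    try:
        version = int(info["xen_major"]), int(info["xen_minor"])
    except (KeyError, ValueError):
        return "check manually", "no Xen version found in xl info output"
    if version != VULNERABLE:
        return "not affected", "Xen %d.%d is not 4.17" % version
    flavour = xenstored_flavour(process_names)
    if flavour == "ocaml":
        return "not affected", "OCaml xenstored in use"
    if flavour == "unknown":
        return "check manually", "could not identify the xenstored variant"
    # The PV-only exemption needs a libxl-based toolstack; an empty guest
    # list is not treated as PV-only (conservative assumption of this example).
    if libxl and guest_types and all(t == "pv" for t in guest_types):
        return "not affected", "only PV guests under a libxl-based toolstack"
    return "affected", "Xen 4.17 with C xenstored"

# Constructed sample input, not captured from a real host.
SAMPLE_XL_INFO = """\
host                   : dom0.example
xen_major              : 4
xen_minor              : 17
"""

if __name__ == "__main__":
    print(assess(SAMPLE_XL_INFO, ["xenstored"], ["hvm", "pv"]))
```

An "affected" verdict means the host matches the advisory's criteria; it does not inspect whether a fix has been applied to a 4.17 build.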