Xen Project XSA-75
Nov 08, 2013 - 4:20 p.m.

Host crash due to guest VMX instruction execution

2013-11-08 16:20:00
Xen Project
xenbits.xen.org

CVSS2: 5.7 Medium
Attack Vector: ADJACENT_NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:A/AC:M/Au:N/C:N/I:N/A:C

EPSS: 0.005 Low
Percentile: 75.3%

ISSUE DESCRIPTION

Permission checks on the emulation paths for VMLAUNCH and VMRESUME (intended for guests using nested virtualization) were deferred too long. As a result, the hypervisor would try to use internal state that is not set up unless nested virtualization is actually enabled for a guest.
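The ordering problem described above, as an added example that is not Xen source code: a simplified C model in which the per-vCPU nested state exists only when nested virtualization is enabled, with the deferred check beside the check-first form. All type and function names are hypothetical, and the HOST_FAULT return value stands in for the point where a real hypervisor would fault.

```c
#include <stdbool.h>
#include <stddef.h>

/* Simplified model; every name here is hypothetical, not a Xen identifier. */
enum result { EMULATED, REJECTED, HOST_FAULT };

struct nested_state { bool launched; };  /* per-vCPU nested-virt state */

struct vcpu {
    bool nested_enabled;                 /* nested virtualization enabled for the guest */
    struct nested_state *nested;         /* NULL unless nested_enabled */
};

/* Permission check: only guests with nested virtualization may use this path. */
static bool may_use_vmx_insn(const struct vcpu *v) { return v->nested_enabled; }

/* Stand-in for the hypervisor reading state that may never have been set up. */
static bool touch_state(const struct vcpu *v, bool *launched)
{
    if (v->nested == NULL)
        return false;                    /* a real hypervisor would fault here */
    *launched = v->nested->launched;
    return true;
}

/* Flawed ordering: internal state is used before the permission check runs. */
enum result vmresume_check_deferred(const struct vcpu *v)
{
    bool launched;
    if (!touch_state(v, &launched))
        return HOST_FAULT;
    if (!may_use_vmx_insn(v))
        return REJECTED;
    return launched ? EMULATED : REJECTED;
}

/* Corrected ordering: the permission check is the first thing the handler does. */
enum result vmresume_check_first(const struct vcpu *v)
{
    bool launched;
    if (!may_use_vmx_insn(v))
        return REJECTED;                 /* nothing below runs for this guest */
    if (!touch_state(v, &launched))
        return HOST_FAULT;
    return launched ? EMULATED : REJECTED;
}
```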

IMPACT

A malicious or misbehaved HVM guest, including malicious or misbehaved user mode code run in the guest, might be able to crash the host.

VULNERABLE SYSTEMS

Xen 4.2.x and later are vulnerable. Xen 4.1.x and earlier are not vulnerable.
Only HVM guests running on VMX-capable (e.g. Intel) hardware can take advantage of this vulnerability.

CPE
Name: xen
Operator: ge
Version: 4.2.x
