This security bulletin contains one low risk vulnerability.
Exploit availability: No
Description
The vulnerability allows a local authenticated user to crash the entire system.
An issue was discovered in Xen through 4.14.x. Some OSes (such as Linux, FreeBSD, and NetBSD) process watch events using a single thread. If events are received faster than the thread is able to handle them, they are queued. As the queue is unbounded, a guest may be able to trigger an OOM in the backend. All systems with a FreeBSD, Linux, or NetBSD (any version) dom0 are vulnerable.
Mitigation
Install update from vendor's website.
Vulnerable software versions
Xen: 4.0.0 - 4.15.0
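The queueing behaviour from the description, as an added example (not Xen or kernel code, and not the vendor's fix): one handler thread takes a single event per round while a guest produces several, so an unbounded queue grows without limit, whereas a per-queue cap keeps backend memory bounded. All names, the cap value and the sample path are constructed assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed model: struct names, the cap and the sample path are assumptions. */
struct watch_event { struct watch_event *next; char path[64]; };
struct watch_queue {
    struct watch_event *head, *tail;
    size_t pending;   /* events queued but not yet handled */
    size_t max;       /* 0 = unbounded (the behaviour the bulletin describes) */
};

/* Producer side: called once for every watch event a guest causes. */
static int wq_push(struct watch_queue *q, const char *path) {
    if (q->max && q->pending >= q->max)
        return -1;                      /* cap reached: refuse instead of allocating */
    struct watch_event *ev = calloc(1, sizeof(*ev));
    if (!ev)
        return -1;
    snprintf(ev->path, sizeof(ev->path), "%s", path);
    if (q->tail) q->tail->next = ev; else q->head = ev;
    q->tail = ev;
    q->pending++;
    return 0;
}

/* Consumer side: the single handler thread processes one event at a time. */
static int wq_pop(struct watch_queue *q) {
    struct watch_event *ev = q->head;
    if (!ev)
        return -1;
    q->head = ev->next;
    if (!q->head) q->tail = NULL;
    q->pending--;
    free(ev);
    return 0;
}

/* Producer outpaces consumer: `burst` events arrive for every event handled. */
static size_t peak_pending(size_t max, size_t rounds, size_t burst) {
    struct watch_queue q = { .max = max };
    size_t peak = 0;
    for (size_t r = 0; r < rounds; r++) {
        for (size_t i = 0; i < burst; i++) wq_push(&q, "backend/vbd/1/state");
        if (q.pending > peak) peak = q.pending;
        wq_pop(&q);
    }
    while (wq_pop(&q) == 0) {}          /* drain so the model frees everything */
    return peak;
}
int main(void) {
    printf("unbounded peak: %zu, capped peak: %zu\n",
           peak_pending(0, 1000, 8), peak_pending(64, 1000, 8));
    return 0;
}
```

In the unbounded case the backlog grows by seven events per round for as long as the producer keeps going; with the cap, the backlog never exceeds `max` regardless of how long the flood lasts.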
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?