CVE-2014-1896
http://xenbits.xen.org/xsa/advisory-86.html
libvchan failure handling malicious ring indexes
libvchan (a library for inter-domain communication) does not correctly handle unusual or malicious contents in the xenstore ring. A malicious guest can exploit this to cause a libvchan-using facility to read or write past the end of the ring.
improper error handling (overread and overwrite)
http://xenbits.xen.org/xsa/xsa86.patch
Fix this by introducing new available bytes accessor functions raw_get_data_ready and raw_get_buffer_space which are robust against mad ring states, and only return sanitised values.
libvchan-using facilities are vulnerable to denial of service and perhaps privilege escalation.
DoS, privilege escalation