CVE-2014-2599
http://xenbits.xen.org/xsa/advisory-89.html
HVMOPsetmem_access is not preemptible
Processing of the HVMOPsetmem_access HVM control operations does not check the size of its input and can tie up a physical CPU for extended periods of time.
long operation not preemptible
http://xenbits.xen.org/xsa/xsa89.patch
x86: enforce preemption in HVM_set_mem_access / p2m_set_mem_access()
Processing up to 4G PFNs may take almost arbitrarily long, so preemption is needed here.
In a configuration where device models run with limited privilege (for example, stubdom device models), a guest attacker who successfully finds and exploits an unfixed security flaw in qemu-dm could leverage the other flaw into a Denial of Service affecting the whole host.
In the more general case, in more abstract terms: a malicious administrator of a domain privileged with regard to an HVM guest can cause Xen to become unresponsive leading to a Denial of Service.
DoS