Xen through 4.8.x does not validate the port numbers of polled event channel ports, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) or possibly obtain sensitive information, aka XSA-221.
Xen
DDoS
CVE-2017-10917
NVD
Refer to CVE-2017-10917 NVD advisory