The grant-table feature in Xen through 4.8.x does not ensure sufficient type counts for a GNTMAP_device_map and GNTMAP_host_map mapping, which allows guest OS users to cause a denial of service (count mismanagement and memory corruption) or obtain privileged host OS access, aka XSA-224 bug 2.
The grant-table feature in Xen
DDoS
CVE-2017-10921
NVD
Refer to CVE-2017-10921 NVD advisory