Some MMU virtualization operations on HVM guests must process every
page assigned to a guest. For larger guests, this can tie up a vcpu
for a significant amount of time, as the operations are not
For guests using Hardware Assisted Paging (HAP, see below) this is
CVE-2014-5146. For guests not using HAP this is CVE-2014-5149.
A malicious HVM guest with a large allocation of shadow/p2m RAM
can mount a denial of service attack affecting the whole system.