Advisory: XSA-259

The Meltdown mitigation work (XPTI) didn't correctly deal with an error path connecting the int $0x80 special case handing with general exception handling, which causes Xen to write 0 to an address near 2^64, and suffer a fatal pagefault.

The bug can be triggered by using int $0x80 before registering a handler with Xen. If vulnerable, Xen will crash.

See also: tests/xsa-259/main.c