Such a DoS attack might actually just exhaust the range 1..254 (qubes.config.max_qid), at which point no new VMs of any type can be created - until those DispVMs are removed manually, or automatically during the next reboot.
1 Like