A freshly uncovered bug in the Xen virtualization hypervisor could potentially allow guests to escalate their privileges until they have full control of the hosts they’re running on.
The Xen hypervisor is used by cloud giants Amazon Web Services, IBM and Rackspace.
Inadequate security checks of how virtual machines access memory means a malicious, para-virtualised guest administrator can raise their system privileges to that of the host on un-patched installations, Xen said.
http://www.itnews.com.au/news/xen-patches-critical-guest-privilege-escalation-bug-431869
http://blog.quarkslab.com/xen-exploitation-part-2-xsa-148-from-guest-to-host.html