There are several security issues in xen which could lead to the execution of arbitrary code. The risk is MEDIUM. A malicious local administrator of guest domain could trigger this flaw to potentially execute arbitrary code outside of the domain.
More...