The libxl device-handling in Xen 4.6.x and earlier allows local OS guest administrators to cause a denial of service (resource consumption or management facility confusion) or gain host OS privileges by manipulating information in guest controlled areas of xenstore.
http://xenbits.xen.org/xsa/advisory-175.html
http://www.securitytracker.com/id/1036023
http://www.securityfocus.com/bid/91006
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html