The vulnerability is in the QEMU open source machine emulator that ships as part of the Xen hypervisor. It affects only Xen systems on x86 systems; ARM-based systems aren t vulnerable. The affected versions include Xen 4.5.x, 4.4.x,. 4.3.x and 4.2.x in the qemu-xen-traditional branch. The bug required the attacker to be an authenticated user on the virtual machine. In April, a researcher from CrowdStrike disclosed a vulnerability in the virtual floppy disk drive controller.
Source: https://threatpost.com/xen-patches-vm-escape-flaw/114086/