Xen · Xen · CVE-2007-4993
**Name of the Vulnerable Software and Affected Versions**
Xen version 3.0.3
**Description**
The issue allows local users with elevated privileges in a guest domain to execute arbitrary commands in domain 0. They do so by creating a crafted grub.conf file whose contents are then used in exec statements, so text controlled by the guest can end up executed as commands in domain 0.
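
The safe counterpart to passing grub.conf contents to exec is to treat every value as inert data. The sketch below is an added example, not Xen's code or its fix; the function name, the key allow-lists and the sample file are assumptions made for illustration.

```python
import re

# Assumed allow-lists for this example; anything else is rejected.
GLOBAL_INT_KEYS = {"default", "timeout", "fallback"}
IMAGE_KEYS = {"root", "kernel", "initrd"}

# "<key>=<value>", "<key> <value>", or a bare "<key>".
_LINE = re.compile(r"^([A-Za-z]+)(?:\s*=\s*|\s+|$)(.*)$")


def parse_grub_conf(text):
    """Parse guest-supplied grub.conf text without evaluating any of it.

    Returns (settings, images, rejected_line_numbers). Values are kept as
    plain strings or validated integers; nothing reaches exec or eval.
    """
    settings, images, rejected = {}, [], []
    current = None  # image stanza opened by the last "title" line
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        key, value = (m.group(1).lower(), m.group(2)) if m else (None, "")
        if key == "title":
            current = {"title": value}
            images.append(current)
        elif current is not None and key in IMAGE_KEYS:
            current[key] = value
        elif (current is None and key in GLOBAL_INT_KEYS
              and re.fullmatch(r"[0-9]{1,4}", value)):
            settings[key] = int(value)
        else:
            rejected.append(lineno)  # unknown key or malformed value
    return settings, images, rejected


# Constructed sample: two lines carry quotes and code-like text.
SAMPLE = '''\
# constructed sample, not taken from a real guest
default=0
timeout=5; x = 1
title Guest "A"; x = 1
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/xvda1
    initrd /initrd.img
    hiddenmenu
'''

if __name__ == "__main__":
    print(parse_grub_conf(SAMPLE))
```

Rejected line numbers are returned so that domain 0 tooling can log a guest whose boot configuration contains unexpected content.
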
**Recommendations**
For Xen version 3.0.3, consider restricting access to the grub.conf file to prevent local users from crafting malicious configurations until a patch is available. As a temporary workaround, monitor domain 0 for suspicious activity and limit the privileges of guest domain users to minimize potential damage. At the moment, there is no information about a newer version that contains a fix for this vulnerability.