http://www.openwall.com/lists/oss-security/2013/06/20/4
A malicious PV domain administrator who can specify their own kernel can escalate their privilege to that of the domain construction tools (i.e., normally, to control of the host).
So one can boot a specially crafted kernel inside a VPS, and gain control of the host node.
Looks like these days you can't trust anything - OpenVZ, Solus, now Xen. Makes me want to cancel all my remaining VPSes and just move everything to dedis.