Xen released an update to address several vulnerabilities that, if exploited, could result in unauthorized privilege escalation by a paravirtualization (PV) guest. All versions of Xen up to version 5 are vulnerable. The NJCCIC recommends Xen administrators review the Xen Security Advisory and apply the appropriate set of patches as soon as possible.