Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.

More... (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3687)