Reported to security but was also entered into public bz at http://bugzilla.xensource.com/bugzilla/show_bug.cgi?id=1068 ...

Pygrub is a Xen utility which emulates the Grub bootloader such that boot parameters of a guest domain can be configured from inside that guest domain. Pygrub is distributed with Xen.

When booting a guest domain, pygrub uses Python exec() statements to process untrusted data from grub.conf. By crafting a grub.conf file, the root user in a guest domain can trigger execution of arbitrary Python code in domain 0. The offending code is in xen/tools/pygrub/src/GrubConf.py, in lines such as

    exec("%s = r\"%s\"" %(self.commands[com], arg.strip()))

This can be exploited from within a guest domain, for example by modifying /boot/grub/grub.conf and changing the 'default' statement into something like

    default "+str(0*os.system(" insert evil command here "))+"

On the next boot of the guest domain, the evil command will execute in domain 0.

Whether this is a security problem depends on how Xen is used. It definitely is a problem in the case where pygrub is used to boot a guest domain while system administration of that guest domain is delegated to an untrusted party. ...
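The following is an added illustration (not pygrub's own code or its actual patch) of the safe pattern: a minimal grub.conf reader that assigns directive values with setattr() and validates them, so the crafted 'default' line from the report above is stored as an inert string instead of being handed to exec(). The SafeGrubConfig class, its commands table and the sample config are constructed for this example.

```python
import re

# Constructed sample grub.conf; the "default" line carries the hostile value
# quoted in the report, so we can show it is never interpreted as Python.
SAMPLE_GRUB_CONF = '''\
default "+str(0*os.system(" insert evil command here "))+"
timeout 5
title Linux
    root (hd0,0)
    kernel /vmlinuz root=/dev/xvda1
'''


class SafeGrubConfig:
    # Directive -> attribute name (hypothetical subset of what pygrub handles).
    commands = {"default": "default", "timeout": "timeout"}

    def __init__(self):
        self.default = None
        self.timeout = None
        self.images = []

    def parse(self, text):
        for line in text.splitlines():
            line = line.strip()
            if not line or line.startswith("#"):
                continue
            parts = line.split(None, 1)
            com, arg = parts[0], (parts[1] if len(parts) > 1 else "")
            if com in self.commands:
                # setattr() stores the text as data; unlike exec(), no
                # quoting trick in the guest's file can turn it into code.
                setattr(self, self.commands[com], arg.strip())
            elif com == "title":
                self.images.append(arg.strip())
        return self

    def default_index(self):
        # Untrusted input is validated before use: "default" must be a
        # non-negative integer, anything else is rejected rather than evaluated.
        if self.default is None:
            return 0
        if not re.fullmatch(r"\d+", self.default):
            raise ValueError("invalid default entry: %r" % self.default)
        return int(self.default)
```

With this pattern the guest controls only the bytes of a string in domain 0, never what code runs there.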