If realloc(3) fails, then libxl_list_cpupool will incorrectly return the now-freed original pointer.
An attacker may be able to cause a multithreaded toolstack using this function to race against itself, leading to heap corruption and a potential DoS. Depending on the malloc implementation, code execution cannot be ruled out.
The flaw is present in Xen 4.2 onwards. Systems using the libxl toolstack library are vulnerable.
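
The error-path pattern described above, next to one corrected shape, as an added example that is not libxl's code or the Xen patch. All names (pool_info, list_pools_flawed, list_pools_fixed, demo_realloc, list_free) are hypothetical, and list_free only records the pointer instead of freeing it so the stale return value can be inspected safely.

```c
#include <stdlib.h>

/* Hypothetical stand-ins for this example; none of these names are libxl's. */
struct pool_info { unsigned poolid; };

static int fail_at = -1;   /* index of the realloc call to fail; -1 = never */
static int calls;
static void *released;     /* last pointer handed to list_free() */

static void reset(int f) { fail_at = f; calls = 0; released = NULL; }

static void *demo_realloc(void *p, size_t n)
{
    /* A failed realloc returns NULL and leaves the old block allocated. */
    return (calls++ == fail_at) ? NULL : realloc(p, n);
}

/* Records the pointer rather than freeing it; real code would free(p). */
static void list_free(struct pool_info *p) { released = p; }

/* Flawed shape: the error path releases the list but still returns ptr. */
struct pool_info *list_pools_flawed(int want, int *nb_out)
{
    struct pool_info *ptr = NULL, *tmp;
    for (int i = 0; i < want; i++) {
        tmp = demo_realloc(ptr, (i + 1) * sizeof(*ptr));
        if (!tmp) { list_free(ptr); goto out; }
        ptr = tmp;
        ptr[i].poolid = (unsigned)i;
    }
    *nb_out = want;
out:
    return ptr;            /* stale after the failure path */
}

/* Corrected shape: after releasing, return NULL and a zero count. */
struct pool_info *list_pools_fixed(int want, int *nb_out)
{
    struct pool_info *ptr = NULL, *tmp;
    *nb_out = 0;
    for (int i = 0; i < want; i++) {
        tmp = demo_realloc(ptr, (i + 1) * sizeof(*ptr));
        if (!tmp) { list_free(ptr); return NULL; }
        ptr = tmp;
        ptr[i].poolid = (unsigned)i;
    }
    *nb_out = want;
    return ptr;
}
```

A caller of the flawed form cannot tell failure from success by checking for NULL, which is why the returned pointer ends up used or freed a second time.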