has there ever been a hole like this in vmware esx?
I've thought about it from time to time and I really can't recall of any security issues in esx that allowed this kind of thing to happen. I just did a quick check and I see one related to vmware workstation(which I do recall that issue). Though obviously workstation and esx are totally different beasts.
I see an issue related to vmware cloud (vcloud I assume?) a few years ago that allowed someone to upload a vmdk that allowed the person to apparently read any file on the system(never have/will use vcloud anyway).
But I can't think of any time where if you were in a guest you could get to the host somehow. I do recall issue(s) related to the kernel file system driver that grants access to the host file systems via the guest, though I believe that again was on the desktop products (never used that driver either).
This is obviously not the first time such a bug has been exposed in Xen, a quick search shows one more from earlier in the year and apparently one more back in 2012, maybe more I didn't spend too long on it.