Running code isolated by a bare-metal VMM like Xen is much better than running it in bare-metal Linux from a security standpoint. Comparing Linux and Xen vulns, there is a stark contrast. And that is even before one subtracts DOS and vulns in superfluous Qemu components.
So, yes, VM breakout "is a thing", but mainly on hypervisors that were designed to run on top of a complex OS and dedicated foremost to administrative convenience.
Tails has the drawback that its vulnerable to DMA attacks, i.e. if your NIC or USB controller is compromised, then it can do anything and even has a chance to install malware in the BIOS, drive firmware, etc. Qubes uses the IOMMU to isolate risky hardware, so this type of attack is prevented.