New VMScape attack breaks guest-host isolation on AMD, Intel CPUs (www.bleepingcomputer.com)
from KarnaSubarna@lemmy.ml to selfhosted@lemmy.world on 11 Sep 17:31
https://lemmy.ml/post/36007469

#selfhosted


circuscritic@lemmy.ca on 11 Sep 18:05

I skimmed most of the article, glad to see it’s been patched.

It looks like the attack vector requires access to a VM on the host machine, i.e. public cloud/VPS.

So maybe not a huge risk exclusively for self-hosted configurations?

frongt@lemmy.zip on 11 Sep 18:25

Mostly no, unless you expose your VM to the Internet or run untrusted code.

TheBlackLounge@lemmy.zip on 11 Sep 18:52

Anybody who does docker compose pull for any service?

circuscritic@lemmy.ca on 11 Sep 19:50

It’s a QEMU-specific vulnerability.

aBundleOfFerrets@sh.itjust.works on 12 Sep 11:04

It is a CPU vulnerability, so while the researchers used QEMU for their example, it is not necessarily specific to it.