Karna@lemmy.ml to Selfhosted@lemmy.worldEnglish · 1 day agoNew VMScape attack breaks guest-host isolation on AMD, Intel CPUswww.bleepingcomputer.comexternal-linkmessage-square5linkfedilinkarrow-up150arrow-down10
arrow-up150arrow-down1external-linkNew VMScape attack breaks guest-host isolation on AMD, Intel CPUswww.bleepingcomputer.comKarna@lemmy.ml to Selfhosted@lemmy.worldEnglish · 1 day agomessage-square5linkfedilink
minus-squarecircuscritic@lemmy.calinkfedilinkEnglisharrow-up9·1 day agoI skimmed most of the article, glad to see it’s been patched. It looks like the attack vector requires access to a VM on the host machine i.e. public cloud/VPS. So maybe not a huge risk exclusively for self hosted configurations?
minus-squarefrongt@lemmy.ziplinkfedilinkEnglisharrow-up6·1 day agoMostly no, unless you expose your VM to the Internet or run untrusted code.
minus-squareTheBlackLounge@lemmy.ziplinkfedilinkEnglisharrow-up5arrow-down1·1 day agoAnybody who does docker compose pull for any service?
minus-squarecircuscritic@lemmy.calinkfedilinkEnglisharrow-up10·1 day agoIt’s a QEMU specific vulnerability.
minus-squareferret@sh.itjust.workslinkfedilinkEnglisharrow-up1·11 hours agoIt is a CPU vulnerability, so while the researchers used QEMU for their example, it is not necessarily specific to it.
I skimmed most of the article, glad to see it’s been patched.
It looks like the attack vector requires access to a VM on the host machine i.e. public cloud/VPS.
So maybe not a huge risk exclusively for self hosted configurations?
Mostly no, unless you expose your VM to the Internet or run untrusted code.
Anybody who does docker compose pull for any service?
It’s a QEMU specific vulnerability.
It is a CPU vulnerability, so while the researchers used QEMU for their example, it is not necessarily specific to it.