New VMScape attack breaks guest-host isolation on AMD, Intel CPUs
www.bleepingcomputer.com
Posted by Karna@lemmy.ml to Selfhosted@lemmy.world · 1 month ago

circuscritic@lemmy.ca · 1 month ago
I skimmed most of the article, glad to see it’s been patched. It looks like the attack vector requires access to a VM on the host machine i.e. public cloud/VPS. So maybe not a huge risk exclusively for self hosted configurations?

frongt@lemmy.zip · 1 month ago
Mostly no, unless you expose your VM to the Internet or run untrusted code.

TheBlackLounge@lemmy.zip · 1 month ago
Anybody who does docker compose pull for any service?

circuscritic@lemmy.ca · 1 month ago
It’s a QEMU specific vulnerability.

ferret@sh.itjust.works · 1 month ago
It is a CPU vulnerability, so while the researchers used QEMU for their example, it is not necessarily specific to it.