Is it possible to use this exploit against a kvm guest to read memory used by the host? In other words: if an exploitable service, say httpd with mod_ssl, is running in guest system 'vm1' hosted on system 'virthost' then what implications does that have with respect to guests vm2 and vm3 and to virthost itself?
On Tue, Apr 08, 2014 at 10:11:32AM -0400, James B. Byrne wrote:
Is it possible to use this exploit against a kvm guest to read memory used by the host? In other words: if an exploitable service, say httpd with mod_ssl, is running in guest system 'vm1' hosted on system 'virthost' then what implications does that have with respect to guests vm2 and vm3 and to virthost itself?
As I understand it, no. In fact, the memory read doesn't even cross normal *memory protections within* the VM -- this is not a kernel exploit.
-
James B. Byrne -
Matthew Miller