26

This question originated from a discussion about VMs not being vulnerable to Meltdown.

Can Meltdown "break out" of a virtual machine, so to speak?

What is meant by this is: Can a program (with any access and priveledge level desired) within a fully-virtualized machine use the vulnerability to access memory on the host machine (which should include memory allocated to other VMs on the same host)?

Note that since two conflicting references have already been cited, answers must not only give references, but show how any opposing references are incorrect or not giving the whole picture.

NH.
  • 1,014
  • 1
  • 9
  • 20

1 Answers1

26

The references you mention don't conflict with each other. The first one claims for Meltdown that "Fully virtualized machines are not affected". The second one claims that the product is "vulnerable to Bounds Check Bypass and Branch Target Injection issues". These issues are not the Meltdown but the Spectre vulnerability.

Or to summarize:

  • CVE-2017-5753 - Bounds Check bypass (Spectre) - works cross VM
  • CVE-2017-5715 - Branch Target Injection (Spectre) - works cross VM
  • CVE-2017-5754 - Rogue Data Cache Load (Meltdown) - does not work cross VM
NH.
  • 1,014
  • 1
  • 9
  • 20
Steffen Ullrich
  • 190,458
  • 29
  • 381
  • 434