  2. 4

    This issue reminds me of an email Theo de Raadt sent to the misc@ OpenBSD mailing list:

    Virtualization seems to have a lot of security benefits.

    You’ve been smoking something really mind altering, and I think you should share it.

    x86 virtualization is about basically placing another nearly full kernel, full of new bugs, on top of a nasty x86 architecture which barely has correct page protection. Then running your operating system on the other side of this brand new pile of shit.

    You are absolutely deluded, if not stupid, if you think that a worldwide collection of software engineers who can’t write operating systems or applications without security holes, can then turn around and suddenly write virtualization layers without security holes.

    You’ve seen something on the shelf, and it has all sorts of pretty colours, and you’ve bought it.

    That’s all x86 virtualization is.

    Granted, we live in a world where virtualization is pretty much unavoidable. I myself was struck by this issue yesterday on vultr.com when I had to manually reboot my mailserver/owncloud server after the provider patched their stack.

    It’s worrying that people assume ‘it doesn’t affect me’ since:

    • I am not a VPS provider
    • I don’t use a floppy drive
    • It requires root to have impact on me

    Issues like this one now have a much larger impact than a specific kernel vulnerability, as the virtualization space is both more limited in software diversity (kvm, qemu, xen, vmware) and deploys a large number of servers on those platforms, where the instance admins might not be aware of the impact a bug like this has on them.