Does the CPU in a virtual machine inherit the sins (vulnerabilities) of its father?
I am running VMware Player 12.5.7 on a Dell Precision workstation with an Intel i7-6700 - CentOS 7 (as the host). This processor would appear to be in the population susceptible to Spectre & Meltdown.
If I fire up a CentOS 7 virtual machine on this host, is the "virtual CPU" also susceptible?
How about if I run a 32-bit virtual machine such as a virtualized Windows 7 image made from a 32-bit physical machine? Or perhaps Ubuntu 32-bit built in VMware Player on the host?
By susceptible I am referring to an attack vector into the VM (from a web browser attack perhaps) getting to an encryption key in the memory of the VM. I am not considering an attack vector into the memory of the host and then into the memory of a VM which happens to be residing in the physical RAM of the host.
Thanks jefro, I DO update all of the systems. I was just wondering if virtualization emulated vulnerabilities as well as other hardware features.
I knew I should have bought a DEC Alpha based workstation some years ago. It only cost as much as a mid-size car. As it is, the only machines which I have which are immune from the current vulnerabilities du jour are an ancient Pentium 4 desktop, an Intel Atom (under)powered netbook and a Raspberry Pi (which runs only 32-bit). I should never have gotten rid of my Osborne.
Not sure the DEC Alpha is immune, now that you mention it. Wonder if it was tested? It does share a lot of design with newer Intel processors, I thought, as DEC was parted out.
My neighbor was selling Alpha processors at one time for $5000 each in lots of 1000. Where I work we still run them. A $25,000 system, seemingly well spent.