The hot topic Intel bug & VMs



I'm curious, and thought perhaps some peeps here may know the answer to a curiosity I have.

The big "bug" in all these Intel (and AMD, ARM, et al.) chips - does it appear in VMs? In other words, is VMware/Parallels/VirtualBox/etc. replicating that bug in order to be compatible, intentionally or not? And... if their virtual processors do not have that same design flaw, what effect does the fix have on a VM? I use a lot of VMs, with different OSes, and am curious...


The instruction set would be the same across physical or VM, so I would assume the VM host providing software is not going to step in and apply their own fix at the hypervisor level. That could cause compatibility issues now/later. So you are going to want to BIOS update the physical system, and patch any host and VM OSes to cover all aspects.

I actually thought virtualized systems were more at risk since the possibility exists that data from one VM instance (or even the host) can be read from another VM instance because the data in the speculative cache isn't segmented. Now granted, the data in that cache is random (from a single process point of view) and the attacker would need to realistically already have compromised the system with rogue code in order to potentially read something of value, but the risk is there - especially in larger virtual environments.

The risk you are talking about specifically concerns Meltdown, which affects Intel processors and some ARM designs.

It does not affect AMD processors nor most ARM processors.

The vulnerability involves exploiting Meltdown on a virtual machine in order to access memory from the host machine.

Hello,

Virtual machine software such as VMware Workstation or Oracle VirtualBox does not emulate the processor of the host computer; it virtualizes access to it.

As such, if the host system is vulnerable to the Spectre (CVE-2017-5715, CVE-2017-5753) and Meltdown (CVE-2017-5754) vulnerabilities, the guest operating systems are as well.

Regards,

Aryeh Goretsky

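Added example, not part of any post in this thread: a check that can be run inside a Linux guest to see what the guest kernel reports for the three CVEs named above. It assumes a guest kernel new enough (4.15 or later) to expose `/sys/devices/system/cpu/vulnerabilities`; the function name and its two optional path arguments are made up for this example.

```shell
#!/bin/sh
# Added example: report Spectre/Meltdown status as seen from inside a Linux guest.
# Usage: check_guest_mitigations [vuln_dir] [cpuinfo]
# Both arguments are optional and exist so the check can run on saved copies.

check_guest_mitigations() {
    vuln_dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    cpuinfo="${2:-/proc/cpuinfo}"
    rc=0

    # The "hypervisor" CPU flag is set when the kernel runs as a guest.
    if grep -m1 '^flags' "$cpuinfo" 2>/dev/null | grep -qw hypervisor; then
        echo "environment: virtual machine (hypervisor flag set)"
    else
        echo "environment: bare metal, or hypervisor flag hidden"
    fi

    for entry in "meltdown:CVE-2017-5754" \
                 "spectre_v1:CVE-2017-5753" \
                 "spectre_v2:CVE-2017-5715"; do
        name="${entry%%:*}"
        cve="${entry#*:}"
        file="$vuln_dir/$name"
        if [ ! -r "$file" ]; then
            # No sysfs entry: the guest kernel predates the reporting interface.
            echo "$cve ($name): UNKNOWN - guest kernel does not report status"
            rc=1
            continue
        fi
        status="$(cat "$file")"
        case "$status" in
            "Not affected"*|Mitigation*) echo "$cve ($name): OK - $status" ;;
            *) echo "$cve ($name): AT RISK - $status"; rc=1 ;;
        esac
    done
    # Non-zero when any of the three is unmitigated or cannot be determined.
    return "$rc"
}
```

Call `check_guest_mitigations` with no arguments in each guest and on a Linux host; a guest that reports "AT RISK" or "UNKNOWN" still needs its own OS update even when the host is patched.
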
On 1/19/2018 at 2:24 PM, Zag L. said:

I actually thought virtualized systems were more at risk since the possibility exists that data from one VM instance (or even the host) can be read from another VM instance because the data in the speculative cache isn't segmented. Now granted, the data in that cache is random (from a single process point of view) and the attacker would need to realistically already have compromised the system with rogue code in order to potentially read something of value, but the risk is there - especially in larger virtual environments.

Can't confirm 100% on other VSs, but ESXi is not affected by Spectre/Meltdown when used in conjunction with the BIOS upd. The CPUs are virtualised, not emulated, on ESXi.

On my X Series hosts @work, post patching, I'm seeing zero slowdown, but my HA Cluster setup (3 hosts) runs CPU utilisation under 10% for 99% of the time :p I just ramped up each VM's CPU allocation, any slowdown mitigated :p
