The hot topic Intel bug & VMs


I'm curious, and thought perhaps some peeps here may know the answer to a curiosity I have.

The big "bug" in all these Intel (and AMD, ARM, et al.) chips: does it appear in VMs? In other words, is VMware/Parallels/VirtualBox/etc. replicating that bug in order to be compatible, intentionally or not? And... if their virtual processors do not have that same design flaw, what effect does the fix have on a VM? I use a lot of VMs, with different OSes, and am curious...

The instruction set would be the same across physical or VM, so I would assume the VM host software is not going to step in and apply its own fix at the hypervisor level. That could cause compatibility issues now/later. So you are going to want to BIOS update the physical system, and patch any host and VM OSes to cover all aspects.

I actually thought virtualized systems were more at risk since the possibility exists that data from one VM instance (or even the host) can be read from another VM instance because the data in the speculative cache isn't segmented. Now granted, the data in that cache is random (from a single process point of view) and the attacker would need to realistically already have compromised the system with rogue code in order to potentially read something of value, but the risk is there - especially in larger virtual environments.

The risk you are talking about specifically concerns Meltdown, which affects Intel processors and some ARM designs.

It does not affect AMD processors nor most ARM processors.

The vulnerability involves exploiting Meltdown on a virtual machine in order to access memory from the host machine.

Hello,

Virtual machine software such as VMware Workstation or Oracle VirtualBox does not emulate the processor of the host computer; it virtualizes access to it.

As such, if the host system is vulnerable to the Spectre (CVE-2017-5715, CVE-2017-5753) and Meltdown (CVE-2017-5754) vulnerabilities, the guest operating systems are as well.

Regards,

Aryeh Goretsky

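An added example, not part of the original posts: because the guest runs on the host's real CPU, a Linux guest (or host) kernel reports its own mitigation state for the three CVEs named above, and this script reads and classifies that report. It assumes a kernel that exposes `/sys/devices/system/cpu/vulnerabilities`; the function names and the sample status files are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: print the Linux kernel's own Meltdown/Spectre status report.
# Assumes a kernel that exposes this sysfs directory (4.15+ or a backport).
VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# Map sysfs file names to the CVE IDs quoted in the post above.
cve_for() {
    case "$1" in
        meltdown)   echo "CVE-2017-5754" ;;
        spectre_v1) echo "CVE-2017-5753" ;;
        spectre_v2) echo "CVE-2017-5715" ;;
        *)          echo "unknown" ;;
    esac
}

# Reduce the kernel's free-text status line to one verdict word.
classify() {
    case "$1" in
        "Not affected"*) echo "not-affected" ;;
        "Mitigation:"*)  echo "mitigated" ;;
        "Vulnerable"*)   echo "vulnerable" ;;
        *)               echo "unknown" ;;
    esac
}

# One line per issue; returns 1 if any is vulnerable or cannot be read.
check_vulns() {
    local dir="${1:-$VULN_DIR_DEFAULT}" rc=0 name status verdict
    for name in meltdown spectre_v1 spectre_v2; do
        status="(no sysfs entry)"
        [ -r "$dir/$name" ] && status=$(head -n 1 "$dir/$name")
        verdict=$(classify "$status")
        case "$verdict" in vulnerable|unknown) rc=1 ;; esac
        printf '%-10s %-13s %-12s %s\n' \
            "$name" "$(cve_for "$name")" "$verdict" "$status"
    done
    return "$rc"
}

# Constructed sample: guest kernel with KPTI enabled, Spectre v2 unmitigated.
make_sample() {
    local d; d=$(mktemp -d)
    echo "Mitigation: PTI" > "$d/meltdown"
    echo "Mitigation: __user pointer sanitization" > "$d/spectre_v1"
    echo "Vulnerable" > "$d/spectre_v2"
    echo "$d"
}

check_vulns "$(make_sample)" || echo "=> unmitigated or unreported issue found"
```

Calling `check_vulns` with no argument reads the live sysfs directory; the report covers only the kernel it runs on, so it is run separately in each guest and on the host.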
On 1/19/2018 at 2:24 PM, Zag L. said:

I actually thought virtualized systems were more at risk since the possibility exists that data from one VM instance (or even the host) can be read from another VM instance because the data in the speculative cache isn't segmented. Now granted, the data in that cache is random (from a single process point of view) and the attacker would need to realistically already have compromised the system with rogue code in order to potentially read something of value, but the risk is there - especially in larger virtual environments.

Can't confirm 100% on other VSs, but ESXi is not affected by Spectre/Meltdown when used in conjunction with the BIOS update. The CPUs are virtualised, not emulated, on ESXi.

On my X Series hosts @work, post patching, I'm seeing zero slowdown, but my HA Cluster setup (3 hosts) runs CPU utilisation under 10% for 99% of the time :p I just ramped up each VM's CPU allocation, any slowdown mitigated :p

This topic is now closed to further replies.