An EPYC escape: Case-study of a KVM breakout, is proxmox safe?

[nttec]

was wondering if proxmox is vulnerable from this KVM breakout. is proxmox safe from this?

https://googleprojectzero.blogspot.com/2021/06/an-epyc-escape-case-study-of-kvm.html

 

[t.lamprecht]

Hi,

is proxmox safe from this?

in short: yes.

Quoting the post you linked:

The discussed bug was assigned CVE-2021-29657, affects kernel versions v5.10-rc1 to v5.12-rc6 and was patched at the end of March 2021

So, as the default kernel of Proxmox VE 6.x is the Linux Kernel 5.4.x LTS one we can safely state that it was never affected to begin with.

The available opt-in Kernel from the 5.11 release got the fix backported with the 5.11.12 stable release, as we have newer ones available on Proxmox VE 6.x (5.11.21-1-pve) and also on the Proxmox VE 7.0 Beta (5.11.22-1-pve), all supported and future Proxmox VE versions are not vulnerable to this specific KVM issue.