SideChannelAttack on L3-Cache allows VM to read host/other VMs data

Frazze

Member
Feb 24, 2012
You can read all about it here:

http://eprint.iacr.org/2013/448.pdf

Short summary: On Intel CPUs starting from i-2000 generation (Sandy Bridge) and maybe also some AMD CPUs with shared L3-Cache (or LLC, Last-Level-Cache) it is possible for a VM to read data which normally should not be accessible to the VM (like host's data or other VM's data).

Disabling memory de-duplication seems to fix the problem.


Just to let people know, it's not really Proxmox related, but makes sense to post here IMHO.
 
Disabling memory de-duplication comes with a cost. Each VM will then hold an identical set of common code, which means increased total memory consumption, and therefore your maximum number of concurrently running VMs decreases.
 
Of course it does. I am just posting one possible solution. Maybe there are others, but I don't know of any others.
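
As an added example (not written by any poster in this thread), a host-side check for the de-duplication state and memory cost discussed above. It assumes the de-duplication in question is Linux KSM exposed under `/sys/kernel/mm/ksm`, which the thread does not name; the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): audit Linux KSM page merging on a KVM host.
# Assumption: memory de-duplication here means KSM, exposed under this sysfs path.
KSM_DIR="${KSM_DIR:-/sys/kernel/mm/ksm}"

# ksm_read DIR FILE: print the counter in DIR/FILE, or 0 when it is unreadable.
ksm_read() {
    if [ -r "$1/$2" ]; then cat "$1/$2"; else echo 0; fi
}

# ksm_exposure DIR: classify whether guest pages can currently be shared.
#   absent   - kernel has no KSM interface
#   active   - run=1, ksmd is merging identical pages
#   residual - ksmd is not merging, but earlier merged pages are still shared
#   clear    - no merged pages remain
ksm_exposure() {
    [ -r "$1/run" ] || { echo absent; return 0; }
    run="$(ksm_read "$1" run)"
    shared="$(ksm_read "$1" pages_shared)"
    if [ "$run" -eq 1 ]; then
        echo active
    elif [ "$shared" -gt 0 ]; then
        echo residual
    else
        echo clear
    fi
}

# ksm_saved_kib DIR [PAGE_BYTES]: memory KSM currently saves, in KiB.
# This is the extra RAM the host needs once the pages are unmerged.
ksm_saved_kib() {
    page="${2:-$(getconf PAGESIZE)}"
    echo $(( $(ksm_read "$1" pages_sharing) * page / 1024 ))
}

# ksm_report DIR: one-line summary for the host being audited.
ksm_report() {
    echo "KSM exposure: $(ksm_exposure "$1"), saved: $(ksm_saved_kib "$1") KiB"
}

ksm_report "$KSM_DIR"
```

Writing 0 to `run` only stops ksmd and leaves already merged pages shared; writing 2 stops it and unmerges them, after which the host needs roughly the reported KiB of additional RAM.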
 
