Mitigation of Spectre and Meltdown affecting host OS from guest OS (VirtualBox)

Information Security Asked on November 29, 2020

I don’t know all the details of Spectre and Meltdown, but the way I understand it is that they allow reading from memory, not writing to it. Also, I read that at least Spectre can get out of the virtual machine and therefore also affect the host OS. Finally, the Whonix website says (summarized and emphasis added):

Experimental spectre/meltdown defenses. Testers only! Possibly not worth it due to huge performance penalty and unclear security benefits. Despite: host microcode upgrade, host kernel upgrade, VM kernel upgrade, spectre-meltdown-checker on the host showing “not vulnerable”, latest VirtualBox version, all spectre/meltdown related VirtualBox settings tuned for better security as documented below… VirtualBox is likely still vulnerable to spectre/meltdown. For reference see VirtualBox bug report / forum discussion. Users can only wait for VirtualBox developers to fix this.

So that said, what can be done to mitigate the impact of Spectre and Meltdown exploited from a guest OS and prevent them from affecting the host OS?

What I think is that if Spectre and Meltdown only allow malware to read data (memory), then I guess a VM without a network connection could avoid the problem. The infected guest OS can read data from the host OS, but it won’t be able to send it anywhere. However, if I wanted my guest OS to be able to connect to the internet, then there’s going to be trouble and I wouldn’t know what to do.

One Answer

Most threats assume the presence of an internet connection. It is usually quite challenging to exfiltrate data without the internet.

Spectre and Meltdown vulnerabilities allow attackers to see data that is normally restricted. This may include cryptography keys, authentication tokens, or other highly sensitive data.

If your compromised VM has network connectivity, an attacker could steal any of that information from the underlying OS.

This is particularly dangerous in an enterprise environment, where hypervisor credentials could be stolen and used to compromise all of the guest VMs.

Answered by DoubleD on November 29, 2020
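The host-side check mentioned in the Whonix quote can be partly reproduced from the status files the Linux kernel exposes under /sys/devices/system/cpu/vulnerabilities. The following is an added example, not part of the original question or answer and not Whonix or VirtualBox code; the function names and the sample status lines are constructed for illustration. As the quote notes, a clean result on the host does not show that VirtualBox guests are isolated.

```python
import re
from pathlib import Path

# Linux kernel sysfs directory with one status file per CPU vulnerability.
SYSFS_DIR = Path("/sys/devices/system/cpu/vulnerabilities")

# Constructed sample (not captured from a real machine): file name -> contents.
SAMPLE = {
    "meltdown": "Mitigation: PTI",
    "spectre_v1": "Mitigation: usercopy/swapgs barriers and __user pointer sanitization",
    "spectre_v2": "Vulnerable",
    "l1tf": "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable",
    "mds": "Not affected",
}

def classify(text):
    """Return (state, caveats) for one status line."""
    text = text.strip()
    lower = text.lower()
    if lower.startswith("not affected"):
        return "not_affected", []
    if lower.startswith("vulnerable"):
        return "vulnerable", []
    if not lower.startswith("mitigation"):
        return "unknown", []
    # A mitigated entry can still carry a residual warning in one of its
    # clauses, e.g. "SMT vulnerable" when hyper-threading is enabled.
    detail = text.split(":", 1)[1] if ":" in text else ""
    caveats = [c.strip() for c in re.split(r"[;,]", detail)
               if "vulnerable" in c.lower()]
    return "mitigated", caveats

def read_sysfs(directory=SYSFS_DIR):
    """Read every status file; returns {} on systems without the directory."""
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text().strip()
            for p in directory.iterdir() if p.is_file()}

def needs_attention(statuses):
    """Names that are vulnerable, unknown, or mitigated with a caveat."""
    flagged = []
    for name in sorted(statuses):
        state, caveats = classify(statuses[name])
        if state in ("vulnerable", "unknown") or caveats:
            flagged.append(name)
    return flagged

if __name__ == "__main__":
    statuses = read_sysfs() or SAMPLE  # fall back to the constructed sample
    for name in sorted(statuses):
        print(f"{name:24} {classify(statuses[name])}")
    print("needs attention:", needs_attention(statuses))
```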
