
>Last time VT-d virtualization was escaped was in 2006 and done by the Qubes founder herself:

Have you been living under a rock [0]?

>How is it about the containers?

Container security aka OS virtualization has been quite secure for a while now.

[0] https://www.csoonline.com/article/551445/significant-virtual...




> Have you been living under a rock [0]?

I think you don't understand: Qubes relies on hardware, not software virtualization: https://en.m.wikipedia.org/wiki/Hardware-assisted_virtualiza...


I think you don't understand. Qubes relies on software virtualization in conjunction with hardware-assisted virtualization instruction sets. The aforementioned vulnerability existed in Qubes Xen.


It seems the aforementioned vulnerability (XSA-133) didn't even affect Qubes: https://www.qubes-os.org/security/xsa/. Also, such vulnerabilities were the reason for them to switch to VT-d by default: https://github.com/QubesOS/qubes-secpack/blob/master/QSBs/qs....

I'm not an expert, but how could it affect the VT-d even in principle? AFAIK VM escape is impossible with software exploits in this case, only side-channel attacks are.



