New Security Vulnerability in ESXi

VMware has posted an article about academic research that found a vulnerability in Transparent Page Sharing (TPS). Apparently a guest can use it to determine the “private” AES encryption key of another virtual machine. Whoops … another “breakout attack” for VMware. I’m still waiting on the first one for Hyper-V.

TPS is one of those features that vFanboys cling to when attacking Hyper-V Dynamic Memory. Now VMware are turning it off by default (starting Q4 2014 for ESXi 5.1, and later for other versions). Hmm, this case raises questions about the security design of vSphere.

I agree with VMware that the vulnerability is impractical in terms of usefulness to an attacker. But what if you could use TPS to get the private SSL key of an application server in a multi-tenant cloud, and then use that to launch man-in-the-middle attacks? That would be a serious threat.
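If you run a multi-tenant vSphere estate, the practical follow-up is to confirm that inter-VM page sharing really is off on every host rather than trusting the new default. The PowerCLI audit below is an added example, not code from the post or from VMware; it assumes PowerCLI is installed, that you are already connected with Connect-VIServer, and that the host advanced setting Mem.ShareForceSalting (the knob VMware introduced for this, value 2 meaning per-VM salting so pages are only shared within a VM) is what controls the behaviour.

```powershell
# Added example: audit ESXi hosts for inter-VM Transparent Page Sharing exposure.
# Assumption: Mem.ShareForceSalting semantics as documented by VMware (not stated in the post):
#   0 = no salting, pages are shared across VMs (the pre-patch behaviour)
#   1 = salting on, but VMs without an explicit sched.mem.pshare.salt still share with each other
#   2 = salting on with a unique per-VM salt by default, so only intra-VM sharing remains (new default)

function Get-TpsExposure {
    [CmdletBinding()]
    param(
        # Hosts to audit; defaults to every host in the connected inventory
        [Parameter(ValueFromPipeline = $true)]
        $VMHost = (Get-VMHost)
    )
    process {
        foreach ($h in $VMHost) {
            $setting = Get-AdvancedSetting -Entity $h -Name 'Mem.ShareForceSalting'
            # Builds that predate the patch do not expose the setting at all; treat that as
            # exposed, because inter-VM TPS was unconditionally on before the setting existed.
            if ($setting) { $value = [int]$setting.Value } else { $value = -1 }
            $exposed = ($value -ne 2)
            if ($exposed) { $action = 'Set Mem.ShareForceSalting to 2' } else { $action = 'OK' }

            [pscustomobject]@{
                VMHost            = $h.Name
                Build             = $h.Build
                ShareForceSalting = $value
                InterVmTps        = $exposed
                Recommendation    = $action
            }
        }
    }
}

# Remediation helper: force per-VM salting on one host.
function Set-TpsSalting {
    param([Parameter(Mandatory = $true)] $VMHost)
    Get-AdvancedSetting -Entity $VMHost -Name 'Mem.ShareForceSalting' |
        Set-AdvancedSetting -Value 2 -Confirm:$false
}

# Usage: report first, then fix only the hosts that are still exposed.
$report = Get-VMHost | Get-TpsExposure
$report | Format-Table -AutoSize
$report | Where-Object InterVmTps | ForEach-Object {
    Set-TpsSalting -VMHost (Get-VMHost -Name $_.VMHost)
}
```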

Choose your hypervisor carefully – breakout attacks are BAD.

I wonder what fresh hate will be vomited in my direction by the vFanboys 😀 Thanks to Flemming Riis (@FlemmingRiis) for the heads up.


2 thoughts on “New Security Vulnerability in ESXi”

  1. Since the introduction of large pages, TPS has lost importance. ESXi and Hyper-V have different memory management techniques and I don’t think that you can compare them 1 to 1. A hypervisor consists of more than only memory or resource management. 😉

    Disabling TPS seems logical to me, but I don’t think that this is a big deal. Much whining about nothing. 😉
