Questions tagged [kvm]

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux on x86 hardware containing virtualization extensions (Intel VT or AMD-V).

24 questions
9 votes, 2 answers

Does Docker provide the same security as a VM

Does Docker provide the same level of security/isolation as a virtual machine running over a hypervisor? If not, how can that be achieved?
Ijaz Ahmad
6 votes, 1 answer

GPU passthrough security

How secure is the host operating system from the guest virtual machine's OS when using GPU passthrough (using the methods described here)? If the guest is compromised, can it permanently infect the GPU and its firmware? If it's possible, what could…
user220850
4 votes, 2 answers

Can USB ethernet passthrough to a KVM virtual machine isolate network-related kernel vulnerabilities?

I'm worried about the attack surface that the Linux kernel networking stack, including NIC drivers and packet filtering, offers to a remote attacker. So I'm planning to isolate as much of the networking code (drivers, packet filtering etc.) in a KVM…
Out of Band
3 votes, 1 answer

How secure is QEMU/KVM?

I'm worrying about the security of the VM host machine (against guests) as the Kernel-Based Virtual Machine operates at kernel level. UPDATE: Is there any guarantee that a guest can't manipulate/break the host system (execute instructions,…
Al Klimov
3 votes, 1 answer

Are paravirtualized drivers a security risk?

Below is a copy of my answer that I gave in some other thread (Would running VMs inside of VMs be a more secure way to study viruses, etc?) about a topic of security of nested virtualization. I would like to know whether my answer was right of…
Matrix
3 votes, 1 answer

Can information somehow be secured from the host on a KVM guest?

With KVM guest systems so prevalent now, I was wondering if there is any merit in using LUKS encrypted storage, as the guest will usually be always on, so the information is always accessible unencrypted to the guest, and thus to the host. Are there…
pepa65
3 votes, 1 answer

How protected are files within a running encrypted VM on a possibly non secure hypervisor / host?

I've got a set of source code files (compiled C#) that I want to prevent direct read access to. The program will be running on the VM. I was thinking of storing these in an encrypted hard disk VM, the VM would use these files in conjunction with a…
3 votes, 2 answers

What lightweight sandboxing options do I have on Linux?

What can I use to avoid running a full-fledged VM that gives me comparable security? Possibly, something like https://coreos.com/rkt/ but I don't know what their security properties are.
Elias
3 votes, 1 answer

Does Linux “Dirty COW” Exploit allow for escalation outside a virtual machine?

Vulnerability CVE-2016-5195 deals with privilege escalation in Linux systems. In a virtual environment with hypervisor KVM and QEMU, can a virtual machine get access to its host? If not, what is the protective layer here?
2 votes, 1 answer

Remote Administrative Access to a server, KVM over IP or HP iLo?

We have a situation. We want to grant remote administrative access to one of our servers for clients. As I know, there are two possible ways: 1- KVM-over-IP and 2-HP iLO. The most important thing for us is security. Next we would like to consider…
A23149577
2 votes, 0 answers

What are the security risks of running QEMU/KVM as root?

Context: I own a machine; I trust root and all the accounts. I virtualize untrusted guests using KVM, and don't want them to escape. When /dev/kvm has the right permissions, non-root users can run KVM guests. Does this bring any security advantages…
punkeel
2 votes, 1 answer

Is Meltdown/Spectre mitigation necessary in virtual machine as well as in hypervisor?

I am running virtual machines in kvm/qemu hypervisor. The hypervisor has Meltdown/Spectre mitigation enabled in kernel. Is it necessary that virtual machines have the Meltdown/Spectre mitigation enabled as well, or is the protection provided by the…
Martin Vegter
2 votes, 0 answers

Is it secure to enable KVM Device for Docker Runner in GitLab Continuous Integration?

I need to enable KVM for my android-ci Docker image to work for emulator based instrumentation tests. The Android emulator requires the kvm device. Therefore I specify the following in the Runner config…
kmindi
2 votes, 1 answer

CVE-2016-5195 - impacts on virtualization

I wonder if the recently found CVE-2016-5195 can be used to break out of KVM or OpenVZ virtualization to gain access to the host system? Basically, I believe that the local privileges can not be used for that because an attacker would need to have…
1 vote, 2 answers

Browser fingerprint is unique while running a VM of a clean install of Windows 10

So I used QEMU on Ubuntu 20 to emulate a computer running Windows 10. I kept all of QEMU's default values. Then, while installing the Windows 10 ISO, I kept all the default values once again. Finally, I went on: https://amiunique.org/fp And the site…