Isolation of Virtual Machine bus

Good information from the Virtualization team blog:

"Each VM has a separate instance of VMBus.  VMBus is a bus only in the sense that multiple VSCs inside a VM share the same instance of VMBus.  This means that a local, kernel mode compromise of a VM will not reveal any data from other VMs.  That said, a vulnerability in VMBus and VSPs in the root partition could critically affect VM isolation if the vulnerability resulted in arbitrary code execution there.  For this reason we treat all data coming from guest VSCs to the root VSPs over VMBus as untrusted data when validating the Hyper-V root components."

In a session last week someone specifically asked whether VMBus is independent or shared. Thank you to Michael Icore for sending this link to me.
