Host storage devices vulnerable with KVM Linux virtualisation – The H Security
According to a kernel update advisory by Red Hat, root users in a guest system that is virtualised with KVM (Kernel-based Virtual Machine) can, in certain circumstances, gain read and write access to the Linux host’s storage devices. The advisory says that the hole exists when a host makes partitions or LVM volumes available to the guest as “raw disks” via virtio. Privileged guest users can send SCSI requests to such volumes, and the host will execute them on the underlying storage device. This allows the guest system to access all areas of the device rather than just the permitted partitions or volumes.
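To find guests configured the way the advisory describes, a host administrator can audit the guest definitions. The following is an added example, not code from Red Hat or The H: it assumes the guests are defined as libvirt domain XML, uses a constructed sample definition, and classifies a source device as a partition or LVM volume by path naming alone, which is a heuristic.

```python
import re
import xml.etree.ElementTree as ET

# Constructed libvirt domain XML (sample input, not taken from the advisory).
SAMPLE = """<domain type='kvm'><name>guest1</name><devices>
  <disk type='block' device='disk'><driver name='qemu' type='raw'/>
    <source dev='/dev/vg0/guest1-root'/><target dev='vda' bus='virtio'/></disk>
  <disk type='block' device='disk'><driver name='qemu' type='raw'/>
    <source dev='/dev/sdb3'/><target dev='vdb' bus='virtio'/></disk>
  <disk type='block' device='disk'><driver name='qemu' type='raw'/>
    <source dev='/dev/sdc'/><target dev='vdc' bus='virtio'/></disk>
  <disk type='file' device='disk'><driver name='qemu' type='qcow2'/>
    <source file='/var/lib/libvirt/images/g1.qcow2'/><target dev='vdd' bus='virtio'/></disk>
</devices></domain>"""

# Assumption: the device path name tells us whether it is only part of a disk.
PARTITION = re.compile(
    r"/dev/(?:(?:sd|vd|hd|xvd)[a-z]+\d+|(?:nvme\d+n\d+|mmcblk\d+)p\d+)")
LVM = re.compile(r"/dev/(?:mapper/[^/]+|dm-\d+|[^/]+/[^/]+)")


def exposed_disks(domain_xml):
    """Return (guest target, host source, kind) for every raw virtio block
    disk whose backing device is a partition or an LVM volume."""
    findings = []
    for disk in ET.fromstring(domain_xml).iter("disk"):
        source, target = disk.find("source"), disk.find("target")
        driver = disk.find("driver")
        if disk.get("type") != "block" or source is None or target is None:
            continue  # file-backed images are not the case described
        if target.get("bus") != "virtio":
            continue
        if driver is not None and driver.get("type", "raw") != "raw":
            continue
        dev = source.get("dev", "")
        if PARTITION.fullmatch(dev):
            findings.append((target.get("dev"), dev, "partition"))
        elif LVM.fullmatch(dev):
            findings.append((target.get("dev"), dev, "lvm"))
    return findings


if __name__ == "__main__":
    for guest_dev, host_dev, kind in exposed_disks(SAMPLE):
        print(f"{guest_dev}: {host_dev} ({kind}) passed to guest as raw virtio disk")
```

On a real host the input would be the output of `virsh dumpxml` for each domain. A match only identifies the configuration the advisory names; whether the host is affected depends on whether the kernel update has been applied.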