Posted by antonio on Aug 06

Hi there

We discovered a new attack vector against memory deduplication in
Virtual Machine Monitors (VMM) where attackers can effectively leak
randomized base addresses of libraries and executables in processes
of neighboring Virtual Machines (VM).

The details are described in the security advisory below and in our
WOOT’15 paper:
https://www.usenix.org/conference/woot15/workshop-program/presentation/barresi

Several vendors were notified…