by jonny_eh 3091 days ago
AFAIK, this only allows read access of a host machine. How would it allow a VM to write to its host?
1 comment

From my understanding, the VM can exploit it too via executing a crazy amount of syscalls. I may be misunderstanding, but if that were not the case, I doubt that AWS would be forcing quick reboots of a ton of its VMs.

Edit: Wait, sorry, I misread. Read is all you really need; write would just be a cherry. If you can read the memory of the host kernel, then you can gain access to any other VMs on the system. This one is bottom-up: you need access to one system and in theory you can gain access to thousands.