Hacker News
by effie 3062 days ago
Thanks. According to [1], it seems DMA is quite a 'backdoor', bypassing any memory management the kernel would do. But it is not clear to me whether this also allows the attacker inside the VM to write into the forbidden regions of memory and thus either modify the behaviour of the hypervisor or send information out via the Internet.

[1] https://en.wikipedia.org/wiki/DMA_attack

2 comments

GPUs can definitely write to host memory. In some situations, this is the only way to get the results of some operations that the GPU performed (e.g. grab framebuffer for screenshots or video recordings). Usually, it's the job of the driver to check for illegal copy target addresses.
The primary objective would be exfiltration; executive control is only secondary. If you can exfiltrate keys or hashes then you might not even need to use DMA to gain access to a system.