by bonzini 2264 days ago
What privileges does bhyve run under? Exploiting a properly sandboxed QEMU does give you access to some potentially interesting file descriptors but, unless you can use them to get kernel code execution, your process will not have access to any resources on the host that wouldn't be already accessible from inside the VM.
3 comments

Almost all attacks these days are a chain of exploits that each focus on jumping code execution to a new context or gaining a new privilege, and that only when combined give you the access you're looking for as an attacker.
Doesn't running it with KVM enabled put you back into kernel space? I'm sure doing everything in userspace is safer, but TCG is nowhere near as performant...
KVM is indeed one of the potentially interesting file descriptors, but there is relatively little code running in kernel space.
The vast majority of the device emulation is in user space, even with KVM.
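A defender-side way to see what a sandboxed VMM process still holds on the host, as an added example that is not from this thread: it walks `/proc/<pid>/fd` and `/proc/<pid>/status` (Linux only; the paths in `INTERESTING` are the author's assumption of what counts as "kernel-facing"), flags descriptors such as `/dev/kvm` that hand code paths back into the kernel, and reports the process's seccomp mode.

```python
"""Audit the host resources a VMM process holds: open fds and seccomp state.
Example code, Linux /proc only; run as `python audit_vmm.py <pid>`."""
import os

# Devices whose fd lets user space drive kernel code paths (assumed list).
INTERESTING = ("/dev/kvm", "/dev/vhost", "/dev/net/tun")


def list_fds(pid):
    """Return {fd: link target} for every descriptor of pid."""
    fd_dir = f"/proc/{pid}/fd"
    fds = {}
    for name in os.listdir(fd_dir):
        try:
            fds[int(name)] = os.readlink(os.path.join(fd_dir, name))
        except OSError:  # fd closed between listdir() and readlink()
            continue
    return fds


def classify(target):
    """Label a /proc fd link target by the kind of host resource it reaches."""
    if any(target.startswith(p) for p in INTERESTING):
        return "kernel-facing device"
    if target.startswith("socket:"):
        return "socket"
    if target.startswith("anon_inode:"):
        return "anon inode " + target[len("anon_inode:"):]
    if target.startswith("/"):
        return "host file"
    return "other"


def seccomp_mode(pid):
    """0 = off, 1 = strict, 2 = filter; None if the kernel has no Seccomp line."""
    with open(f"/proc/{pid}/status") as status:
        for line in status:
            if line.startswith("Seccomp:"):
                return int(line.split()[1])
    return None


def audit(pid):
    """Summarise one process: seccomp mode, every fd, and the kernel-facing ones."""
    fds = {fd: (t, classify(t)) for fd, t in sorted(list_fds(pid).items())}
    kernel_facing = [fd for fd, (_, kind) in fds.items() if kind == "kernel-facing device"]
    return {"seccomp": seccomp_mode(pid), "fds": fds, "kernel_facing": kernel_facing}


def self_check():
    """Audit this process with /dev/null open; returns that fd's classification."""
    fd = os.open("/dev/null", os.O_RDONLY)
    try:
        return audit(os.getpid())["fds"][fd][1]
    finally:
        os.close(fd)
```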
There's a section on sandbox escapes.