[throwaway_ab]

If the underlying OS has a remote access vulnerability wouldn't that compromise every VM OS running on top?

[transpute]

> wouldn't that compromise every VM OS running on top?

pKVM VMs run "on the side" rather than "on top" of the host OS, so any compromise of the host is isolated from guests, besides DoS.

[techjamie]

This vulnerability isn't with the underlying OS though. They just installed a disabled application that has security concerns, but someone has to manually enable it for it to be a problem.