by throwaway125 4544 days ago
Have there been recent public disclosures of vulnerabilities in hypervisors?

Breaking out of virtual machines is a really interesting process, but it's important to remember that a hypervisor can be attacked with pretty much the same techniques you can attack any other program. Virtual machines aren't a magic contain-all-the-hackers solution. There was an interesting talk at DEFCON 19 about breaking out of KVM: http://www.youtube.com/watch?v=tVSVdudfF8Q

2 comments

Technically that was breaking out of QEMU. It was not KVM specific.

If you break into QEMU, you should be a non-privileged user. If you are using libvirt, you are in a cgroup-based jail (basically a container) with SELinux being enforced too. So after breaking into QEMU, you would still need to break out of the container before you could attack anything.

But Nelson's exploit was pretty cool. I initially thought remote code execution wasn't possible and he turned around pretty quickly with the exploit. It's quite impressive.
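
The three layers the comment above describes (unprivileged user, cgroup, SELinux) can be checked from `/proc` for a running QEMU process. This is an added example, not part of the original thread; the function names and sample values are constructed, and it assumes libvirt places guests under `machine.slice` or `/machine` and labels them with an `svirt_*` SELinux type.

```python
import re
from pathlib import Path

def audit_qemu(status: str, cgroup: str, selinux: str) -> list[str]:
    """Return findings; an empty list means all three layers look present."""
    findings = []
    # Layer 1: unprivileged user. status has "Uid: real effective saved fs".
    m = re.search(r"^Uid:\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)", status, re.M)
    if not m:
        findings.append("uid: could not parse Uid line")
    elif "0" in m.groups():
        findings.append("uid: QEMU holds uid 0")
    # Layer 2: cgroup. Each line is "hierarchy:controllers:path".
    # Assumption: guests live under machine.slice (systemd) or /machine.
    paths = [l.split(":", 2)[2] for l in cgroup.splitlines() if l.count(":") >= 2]
    if not any(p.startswith(("/machine.slice/", "/machine/")) for p in paths):
        findings.append("cgroup: not in a per-guest machine cgroup")
    # Layer 3: SELinux. Label is user:role:type:level; sVirt gives each guest
    # an svirt_* type and its own MCS category pair, e.g. s0:c123,c456.
    parts = selinux.strip("\x00\n ").split(":", 3)
    if len(parts) != 4 or not parts[2].startswith("svirt_"):
        findings.append("selinux: process is not in an svirt_* domain")
    elif not re.fullmatch(r"s\d+:c\d+,c\d+", parts[3]):
        findings.append("selinux: no per-guest MCS category pair")
    return findings

def audit_pid(pid: int) -> list[str]:
    """Run the same checks against a live process via /proc."""
    base = Path("/proc") / str(pid)
    try:
        label = (base / "attr" / "current").read_text()
    except OSError:
        label = ""  # SELinux not enabled on this host
    return audit_qemu((base / "status").read_text(),
                      (base / "cgroup").read_text(), label)

# Constructed sample data, not captured from a real host.
CONFINED = ("Name:\tqemu-kvm\nUid:\t107\t107\t107\t107\n",
            r"0::/machine.slice/machine-qemu\x2d1\x2dguest1.scope/libvirt/emulator",
            "system_u:system_r:svirt_t:s0:c123,c456\n")
BARE = ("Name:\tqemu-kvm\nUid:\t0\t0\t0\t0\n",
        "0::/user.slice/user-0.slice/session-3.scope",
        "unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023\n")

if __name__ == "__main__":
    for name, sample in (("confined", CONFINED), ("bare", BARE)):
        print(name, audit_qemu(*sample) or "all three layers present")
```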