Parallels Holdings Ltd Information for VU#935424

Virtual Machine Monitors (VMM) contain a memory deduplication vulnerability



Vendor Statement

- Virtuozzo 6 (formerly Parallels Cloud Server 6) Virtual Machines are
not affected since our hypervisor does not utilize page sharing.
- Virtuozzo 6 Containers are affected through "pfcache" feature (enabled
by default), in the sense that from inside a Container you can find out
whether any other container on the host has (or ever had) the particular
application/file (of the particular version). We are considering this
information leak a minor issue, which comes as a price for memory
deduplication. We have no plans for fixing it. If this is considered a
major threat by user, then it could be mitigated by disabling the
"pfcache" functionality.

Vendor Information

We are not aware of further vendor information regarding this vulnerability.

Vendor References



There are no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.