I am not sure about the details, but IIUC, the attack works this way: 1. The kernel recieves a malformed UDP packet. 2. There is some application that reads the packet in peek mode. (This is reportedly rarely used.)
If one of those conditions is not met, the attack is not triggered. I hope that VMs like sys-net and sys-firewall will not forward the malformed packet unless they are compromised. If this is true, then exploitation in Qubes would require compromising its NetVM first. In typical scenario, this requires compromising sys-firewall, but the attack surface is rather small. In some other scenario, just compromising a ProxyVM (e.g., TorVM) might be enough. This is not to say Qubes can never be affected, just my brief research suggests it is not so severe in QubesOS and chained exploitation (probably to TemplateVM) sounds unlikely. Regards, Vít Šesták 'v6ak' -- You received this message because you are subscribed to the Google Groups "qubes-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/qubes-users/47e5e2ec-0922-45c1-82c7-41dc60799263%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
