I guess by theoretical you mean that they haven’t been found in the wild yet, right? There has been some interesting proof-of-concept and bugfinding work done by Tom Shelton (attack against VMWare’s NAT); Tavis Ormandy (paper on remote code exploits for most virtualization software); and Tom Liston at IntelGuardians (details here slightly less clear).

In any case, I am not sure what point you are making. It seems like you are doing exactly what I am cautioning against – comparing hypervisor security to OS security. My point is that you get your latter situation in either physical or virtual machine. If that is the case, then the hypervisor attack surface, however slight it may be, adds to the attack surface of the VM.

Pete

I think most would agree that hypervisor attacks are theoretical at this point, as compared to the VM OS/App vulnerabilities which exist, have established attacks and which are now in “fluid-like” states creating an attack surface that can mutate faster than most security appliances can keep up.

Greg N