You must log in or # to comment.
I skimmed most of the article, glad to see it’s been patched.
It looks like the attack vector requires access to a VM on the host machine i.e. public cloud/VPS.
So maybe not a huge risk exclusively for self hosted configurations?
Mostly no, unless you expose your VM to the Internet or run untrusted code.
Anybody who does docker compose pull for any service?
It’s a QEMU specific vulnerability.
