X41 releases the audit report of Rust-VMM

X41 performed a source code audit of Rust-VMM,
a virtual machine monitor framework implemented in Rust. The audit was
sponsored by the Open Source Technology Improvement Fund.

Audit results

X41 did not discover any vulnerabilities during the audit and only identified
issues that may pose a security risk due to code changes in the future. In
contrary, X41 found that the security posture of Rust-VMM is exemplary. The
issue that was reported directly during the audit was taken seriously despite
the lack of direct impact and a fix was committed within a week. The source code
is well commented, and the developer team understands minute details of Rust’s
memory safety model.

However, using Rust-VMM does not necessarily shield an upstream user of the
framework from certain risks. The best example is the expandability of the
framework with custom virtio drivers, which run in the user space of the host
operating system. Often, these need to parse data provided by the guest
operating system virtio driver, which is inherently untrusted. Here classical
vulnerability patterns like time-of-check-time-of-use bugs or double-fetches
may emerge.


If you are interested in working with us on such projects in the future, remote or in-office, have a look at our jobs page!