From everything I've read, what you just described is the main threat of these vulnerabilities. Customer A has a VM running on the same host as Customer B, and an exploit could intercept data at the processor level.
I work on a private cloud, so our customers don't have to worry in this regard since they don't share their blades with anyone. If someone gets access to their guest VMs, they have bigger things to worry about than Meltdown and Spectre.
It is much larger than what I described. Affects nearly every PC/server out there. An exploit with your Internet browser can allow someone to also exploit Meltdown or Spectre. So private or shared, the risk is still huge.
But I still have yet to read that a guest OS on ESXi can compromise all VMs running on that server. If that is the case, why would companies, especially healthcare, financial, etc., risk putting any resources in public cloud?
"Result of exploitation may allow for information disclosure from one Virtual Machine to another Virtual Machine that is running on the same host."
But again, I'm just providing the platform. We don't provide support into their OS. I was just making the point that between our cloud and public cloud, a customer doesn't have to worry about who they are sharing their host with.
I personally don't see how anyone sleeps at night when they're on a public cloud.
As far as the risk, the exploits are able to see into the caches of the processors, so they can intercept all data being processed which includes intercepting passwords, etc. The exploits don't just see the data from their guest OS.
Amazon's stock is up over 200 points this year. I guess people aren't too concerned. :-)