Comment 3 for bug 840925

Soren Hansen (soren) wrote :

The problem back then was that anyone with access to /dev/kvm could allocate an arbitrary amount of memory that could not be swapped out. Dead-easy DoS. Since... I don't remember when, years ago at least, memory used by kvm can be swapped out like all other memory, so in terms of DoS by memory allocation, it's no more dangerous than giving people access to run malloc. :)

You're also giving them access to execute certain cpu instructions they otherwise wouldn't be able to, but -- modulo whatever security bugs there might be, of course -- these aren't sensitive instructions (in the way they're exposed through the kvm interface, that is). KVM was designed to be safe to run this way.