>> Xen guests may be able to infer the contents of arbitrary host memory,
>> including memory assigned to other guests.
> So an exploit utilised within one Dom-U can then go on to exploit another Dom-U. This is easy to read.
>> Additionally, in general, attacks within a guest (from guest user to
>> guest kernel) will be the same as on real hardware. Consult your
>> operating system provider for more information.
> I really don't understand the meaning of this.
> Does this mean that a Dom-U exploit can then go on to exploit the Dom-0 too?
> A Dom-U exploit == a bare-metal exploit?
No. If you're running Linux in an HVM guest, and your Linux kernel
doesn't have the KPTI patches, then a userspace process ("guest user")
can use Meltdown to attack the kernel ("guest kernel").
In other words, to protect your systems from Meltdown, you need to do:
1. Move your PV Linux guests to HVM or PVH
2. Install the Linux KPTI patches / Windows Meltdown hotfixes.
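
Added example, not part of the original message: a check that maps a Linux guest's state onto the two steps above. It assumes a guest kernel new enough to expose /sys/hypervisor/guest_type and /sys/devices/system/cpu/vulnerabilities/meltdown; the function names and result strings are made up for this illustration.

```shell
#!/bin/sh
# Map a Linux guest's Xen guest type and Meltdown sysfs status onto the two
# steps from the reply: (1) PV -> HVM/PVH, (2) install the KPTI patches.

# read_first_line FILE DEFAULT: first line of FILE, or DEFAULT if unreadable.
read_first_line() {
    if [ -r "$1" ]; then head -n 1 "$1"; else echo "$2"; fi
}

# classify_meltdown GUEST_TYPE STATUS
#   GUEST_TYPE: contents of /sys/hypervisor/guest_type (PV, HVM, PVH) or "none"
#   STATUS:     contents of /sys/devices/system/cpu/vulnerabilities/meltdown
classify_meltdown() {
    guest_type=$1
    status=$2
    case "$guest_type" in
        PV)
            # Step 1 of the reply: PV guests are moved to HVM or PVH first.
            echo "move-to-hvm-or-pvh"
            return 0 ;;
    esac
    case "$status" in
        "Not affected"*)    echo "ok-not-affected" ;;
        "Mitigation: PTI"*) echo "ok-kpti-enabled" ;;
        # Step 2 of the reply: guest kernel still lacks KPTI.
        "Vulnerable"*)      echo "install-kpti" ;;
        # File missing (older kernel) or an unrecognised string.
        *)                  echo "unknown-check-kernel" ;;
    esac
}

# classify_local: run the classification against this machine's sysfs.
classify_local() {
    gt=$(read_first_line /sys/hypervisor/guest_type none)
    st=$(read_first_line /sys/devices/system/cpu/vulnerabilities/meltdown missing)
    echo "guest_type=$gt status=$st result=$(classify_meltdown "$gt" "$st")"
}

# Only touch the local system when asked to: ./check.sh --local
if [ "${1:-}" = "--local" ]; then
    classify_local
fi
```

A result of unknown-check-kernel means the kernel does not report its Meltdown state in sysfs, so whether the KPTI patches are present has to be confirmed from the kernel version or the distribution's advisory.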