@david_chisnall Okay, you lost me. Why is this threat model specific to VMs, as opposed to applying equally to not-VMs?
What's special about VMs such that they're more susceptible to having host memory overwritten?
I guess guest OS memory can be overwritten by a rogue device too, but that at least will be constrained to the VM given proper sandboxing...