Using the VMware DirectPath I/O feature to pass through a PCI or PCIe device to a virtual machine results in a potential security vulnerability. The vulnerability can be triggered by buggy or malicious code, such as a device driver, running in privileged mode in the guest OS. Industry-standard hardware and firmware does not currently have sufficient error containment support to make it possible for ESXi to fully close the vulnerability.
VMware recommends that you use PCI or PCIe passthrough to a virtual machine only if the virtual machine is owned and administered by a trusted entity. You must be sure that this entity does not to attempt to crash or exploit the host from the virtual machine.
Your host might be compromised in one of the following ways.
The guest OS might generate an unrecoverable PCI or PCIe error. Such an error does not corrupt data, but can crash the ESXi host. Such errors might occur because of bugs or incompatibilities in the hardware devices that are being passed through, or because of problems with drivers in the guest OS.
The guest OS might generate a Direct Memory Access (DMA) operation that causes an IOMMU page fault on the ESXi host, for example, if the DMA operation targets an address outside the virtual machine's memory. On some machines, host firmware configures IOMMU faults to report a fatal error through a non-maskable interrupt (NMI), which causes the ESXi host to crash. This problem might occur because of problems with the drivers in the guest OS.
If the operating system on the ESXi host is not using interrupt remapping, the guest OS might inject a spurious interrupt into the ESXi host on any vector. ESXi currently uses interrupt remapping on Intel platforms where it is available; interrupt mapping is part of the Intel VT-d feature set. ESXi does not use interrupt mapping on AMD platforms. A spurious interrupt most likely results in a crash of the ESXi host; however, other ways to exploit these interrupts might exist in theory.