VT-d compartmentalizing and isolation breakthroughs

It was the Brits (GCHQ-Mossad). Canonical attacked the GNOME-Red Hat Boxes virtualizer and then they were able to get at KVM and VirtualBox. Virtualizers share something in common, “a subset of host physical memory,” which provides an attack path that can compromise other VM domains.

Does anyone know more about this? Is there a way to strengthen compartmentalization? Did anyone know that a VM could be used as a vector to attack other VMs?