
* I am not aware of any attacks against legacy hardware except for VENOM. Intel's QEMU-lite patches are disabling these devices for speed rather than security reasons. In any case, no external patches are needed right now to disable most legacy devices: QEMU's Q35 machine type doesn't have a default floppy controller and you can already remove the HPET, PIT, SATA controller and SMBIOS controller. What is left is used, albeit sometimes rarely, by the firmware or the OS (e.g. IOAPIC, RTC, PCI host bridge or ACPI); any replacement would be more likely to have holes than the current well-tested code.

* Rowhammer detection is interesting, but not really related to virtualization. Thanks to KVM's design, any such monitoring solution would apply equally to Linux containers. This is not the case for Xen, for example.

* Besides Rowhammer, memory dedup is highly subject to side-channel attacks. I think this is a much more important issue, and it already pretty much forces you to disable KSM in multi-tenant applications.
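
Added example, not part of the comment above: a host-side check for its last point, that KSM really is off on a multi-tenant KVM host. It reads the kernel's KSM sysfs files `run` and `pages_sharing`; the function names and the `KSM_SYSFS` override are assumptions introduced for this example.

```shell
#!/bin/sh
# Added example: audit kernel same-page merging (KSM) on a multi-tenant KVM host.
# KSM_SYSFS is a hypothetical override so the check can be pointed at a test tree.

ksm_read() {
    # Print the value of one KSM sysfs file, or "missing" if the file is absent.
    f="${KSM_SYSFS:-/sys/kernel/mm/ksm}/$1"
    if [ -r "$f" ]; then
        tr -d '[:space:]' < "$f"
    else
        printf 'missing'
    fi
}

ksm_audit() {
    # Return 0 = no merged pages, 1 = ksmd running, 2 = stopped but pages
    # still merged, 3 = unexpected value.
    run=$(ksm_read run)
    sharing=$(ksm_read pages_sharing)
    case "$run" in
        missing)
            echo "OK: kernel exposes no KSM interface"; return 0 ;;
        1)
            echo "FAIL: ksmd is running (run=1, pages_sharing=$sharing)"; return 1 ;;
        0)
            # run=0 only stops ksmd; pages merged earlier stay shared.
            if [ "$sharing" != missing ] && [ "$sharing" -gt 0 ] 2>/dev/null; then
                echo "WARN: ksmd stopped but $sharing page mappings still merged; write 2 to run to unmerge"
                return 2
            fi
            echo "OK: ksmd stopped, nothing merged"; return 0 ;;
        2)
            echo "OK: ksmd stopped and pages unmerged (run=2)"; return 0 ;;
        *)
            echo "UNKNOWN: run='$run'"; return 3 ;;
    esac
}
```

Call `ksm_audit` from a host compliance check and alert on any non-zero status; status 2 is the case a plain "is ksmd running" check misses.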

