I'm not necessarily saying virtual machines are more secure, but here's where I think the difference might be: the API.
Linux has so many system calls, and with each new one you get a whole new attack surface (e.g. most recently with io_uring).
But the attack surface with hypervisors is pretty static, and perhaps can be better reasoned about.
Again, not strongly arguing which is safer, but just pointing out that there is a pretty fundamental difference between the two that could make for a difference in security.
Yes, but the API is not inherent to the hypervisor/kernel split. You can have an operating system that exposes a smaller API similar to a hypervisor and voila, you have a better model. The only reason to prefer a hypervisor over a similar operating system is if you need to run a binary targeting a different operating system. At that point you actually do need a virtual machine and you actually do need the operating system in it. However, this is contrary to the point of a unikernel, which is to get rid of the operating system within the virtual machine.
Processes and OS services are a strictly better model than virtual machines and virtual devices when developing a program. They fulfill the same purposes, but the operating system model is less clunky as you are "virtualizing" an ideal machine that requires no setup and ideal devices that require no setup. In contrast, virtual machines and virtual devices expose an API that includes the nitty-gritty details of actual hardware, which is just a distraction when developing a regular old application.
You actually see a funny convergence where optimized hypervisors implement specialized virtual devices that do not exist in reality that offer streamlined interfaces. These are basically the reinvention of operating system interfaces as the virtual machine guests (processes) consume an abstract interface that the hypervisor (operating system) maps onto the actual hardware. They also support specialized virtual devices for communicating between guests (IPC calls). Reinvention for everyone, but worse, yay.
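Both comments above turn on the size of the API a process can reach: the first treats every Linux syscall as attack surface, the reply says an OS can simply expose a smaller API. As an added example (my own code, not from either commenter), here is the concrete mechanism Linux already has for that: a seccomp-BPF allow-list installed with raw prctl calls, no libseccomp needed. A child process is restricted to write/exit/exit_group, then one run shows the permitted path and another shows the kernel killing the child with SIGSYS the moment it touches a syscall outside the list. The allow-list itself is a constructed, deliberately tiny one for illustration; the code assumes Linux on x86_64 or aarch64.

```c
// Added example: shrinking the kernel API a process can reach with a
// seccomp-BPF allow-list (raw prctl, no external library). Linux only.
#define _GNU_SOURCE
#include <stddef.h>
#include <stdio.h>
#include <signal.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <sys/syscall.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <linux/audit.h>

#if defined(__x86_64__)
#define ARCH_NR AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define ARCH_NR AUDIT_ARCH_AARCH64
#else
#error "unsupported architecture for this example"
#endif

#ifndef SECCOMP_RET_KILL_PROCESS            /* older headers only know SECCOMP_RET_KILL */
#define SECCOMP_RET_KILL_PROCESS 0x80000000U
#endif

/* Constructed allow-list: write, exit_group and exit. Everything else kills the process. */
static int install_allowlist(void) {
    struct sock_filter filter[] = {
        /* 0: load the audit arch and refuse foreign-ABI syscalls outright */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, ARCH_NR, 1, 0),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* 3: load the syscall number */
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        /* 4-6: each match jumps forward to the ALLOW statement at index 8 */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_write,      3, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit_group, 2, 0),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_exit,       1, 0),
        /* 7: default: not on the list */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL_PROCESS),
        /* 8: allowed */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = {
        .len = (unsigned short)(sizeof(filter) / sizeof(filter[0])),
        .filter = filter,
    };
    /* no_new_privs is required before an unprivileged process may install a filter */
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog) != 0) return -1;
    return 0;
}

/* Fork a child under the allow-list. Returns 0 on a clean exit, the signal
 * number if the kernel killed the child, and a negative value on any error. */
int run_child(int attempt_forbidden) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_allowlist() != 0) _exit(2);
        if (attempt_forbidden) {
            syscall(__NR_getpid);     /* not on the list: kernel delivers SIGSYS here */
            _exit(3);                 /* never reached */
        }
        const char msg[] = "child: write() is on the allow-list\n";
        write(STDOUT_FILENO, msg, sizeof msg - 1);   /* allowed */
        _exit(0);                                    /* exit_group: allowed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return -1;
    if (WIFSIGNALED(status)) return WTERMSIG(status);
    if (WIFEXITED(status)) return WEXITSTATUS(status) == 0 ? 0 : -WEXITSTATUS(status);
    return -1;
}

int main(void) {
    int ok = run_child(0);
    int killed = run_child(1);
    printf("permitted path: %d (0 = clean exit)\n", ok);
    printf("forbidden path: %d (%d = SIGSYS)\n", killed, SIGSYS);
    return (ok == 0 && killed == SIGSYS) ? 0 : 1;
}
```

The point of the exercise is the size of that filter: a process that really only needs three syscalls can be given exactly three, and the remaining few hundred the kernel implements stop being its attack surface, which is what the "smaller API similar to a hypervisor" argument comes down to. Real sandboxes (browsers, container runtimes) generate much longer lists, and a filter should be audited with the same care as the allow-list of devices a hypervisor exposes, since anything left on it is reachable.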