A new Spectre-like vulnerability called VMScape enables malicious VMs to leak cryptographic keys from unmodified QEMU hypervisors on modern AMD and Intel CPUs, bypassing existing mitigations. The attack exploits shared branch prediction units and speculative execution, posing a threat to multi-tenant cloud environments, but requires advanced expertise to execute. #VMScape #QEMU #SpectreVulnerability #AMDZen4 #IntelCoffeeLake
Key points
- VMScape allows a VM to leak sensitive data from the hypervisor through speculative execution.
- The attack affects AMD Zen 1 to Zen 5 processors and Intel Coffee Lake CPUs.
- It targets QEMU's shared branch prediction units, bypassing traditional isolation protections.
- Leaked data can include cryptographic keys, potentially compromising cloud security.
- Mitigations include kernel patches that introduce fences to flush branch prediction hardware, with minimal performance impact.
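Because the fix arrives as kernel patches, the first thing an operator of a KVM/QEMU host wants is a quick way to confirm the running kernel reports the issue as mitigated. The script below is an added example written for this summary, not code from the VMScape researchers, QEMU, or the kernel patch series. It reads the Linux sysfs directory `/sys/devices/system/cpu/vulnerabilities/`, which patched kernels use to report Spectre-class issues; the entry name `vmscape` and the status strings it matches on ("Not affected", "Mitigation: ...", "Vulnerable") are assumptions modelled on how the kernel reports other issues in that directory, and the sample directory it builds is constructed for illustration so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original article or any project it names).
# Reports the mitigation status the Linux kernel exposes in sysfs.
# ASSUMPTIONS: the patched kernel names its entry "vmscape" and uses the
# same "Not affected" / "Mitigation: ..." / "Vulnerable" wording as the
# other files in this directory.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"

# Print one line per entry in DIR. Returns 0 when every entry reads
# "Not affected" or "Mitigation: ...", 1 when any entry is "Vulnerable...",
# 2 when DIR does not exist (non-Linux host or very old kernel).
report_vulns() {
    dir="$1"
    rc=0
    [ -d "$dir" ] || { echo "no vulnerabilities directory at $dir"; return 2; }
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        name=$(basename "$f")
        status=$(cat "$f")
        case "$status" in
            Vulnerable*) flag="WARN"; rc=1 ;;
            *)           flag="ok" ;;
        esac
        printf '%-4s %-24s %s\n' "$flag" "$name" "$status"
    done
    return "$rc"
}

# Classify a single entry (e.g. the assumed "vmscape" file) in DIR.
# Prints: mitigated | vulnerable | not-affected | unknown
entry_state() {
    f="$1/$2"
    [ -f "$f" ] || { echo unknown; return 0; }
    case "$(cat "$f")" in
        "Not affected"*) echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Build a CONSTRUCTED sample directory so the script can be exercised
# offline; these contents are invented, not captured from a real host.
# The vmscape line mirrors the assumed "flush the predictor before exiting
# to the hypervisor's userspace" mitigation described in the key points.
make_sample_dir() {
    d=$(mktemp -d)
    echo "Mitigation: IBPB before exit to userspace" > "$d/vmscape"
    echo "Not affected" > "$d/meltdown"
    echo "Vulnerable" > "$d/spectre_v2"
    echo "$d"
}

# When run directly on a Linux host, report the live sysfs tree.
if [ -d "$VULN_DIR" ]; then
    report_vulns "$VULN_DIR" || :
    echo "vmscape: $(entry_state "$VULN_DIR" vmscape)"
fi
```

On a host where the entry is missing entirely the state is `unknown`, which should be treated as "kernel predates the patch" rather than "not affected"; only an explicit `Not affected` or `Mitigation:` line from the kernel is a positive result.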