Researchers at ETH Zurich have disclosed VMSCAPE, a new Spectre-v2 (branch target injection) variant that affects AMD Zen and Intel Coffee Lake processors and lets a malicious cloud tenant running inside a guest VM leak sensitive data from the hypervisor on the host. The flaw stems from insufficient isolation of branch predictor state between the host and guest domains, and software patches are the primary mitigation. #VMSCAPE #SpectreV2
Keypoints
- The vulnerability targets the guest-to-host virtualization boundary on AMD Zen and Intel Coffee Lake CPUs, so multi-tenant cloud environments are the main concern.
- VMSCAPE lets a guest extract secret data from the hypervisor using speculative execution, with no modification of the host software required.
- The affected silicon cannot be fixed in hardware, so software mitigations, such as the Linux kernel patches, are being deployed at some performance cost.
- The exploit relies on branch predictions trained inside the guest being reused by the host, because predictor state is not sufficiently separated between the two domains.
- Mitigations such as issuing an IBPB (Indirect Branch Prediction Barrier) on VMexit add only modest overhead, and the recent kernel patches reduce the performance impact further.
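Added example, not from the article or the ETH Zurich researchers: a small host-side check of whether a Linux kernel reports the VMSCAPE mitigation. It assumes the kernel exports the status at `/sys/devices/system/cpu/vulnerabilities/vmscape` in the same phrasing as the other entries in that directory (`Not affected`, `Vulnerable...`, `Mitigation: ...`); those strings, the path and the function names are assumptions for illustration. A kernel that predates the patches has no such file at all, which the script reports as unknown rather than treating as safe.

```shell
#!/bin/sh
# vmscape_check.sh (added example): classify the kernel's VMSCAPE mitigation status.
# Assumed sysfs location; the strings matched below follow the conventional
# phrasing of the files in this directory and are not quoted from the article.
VMSCAPE_SYSFS=/sys/devices/system/cpu/vulnerabilities/vmscape

# classify_vmscape STATUS_LINE -> prints one of: not-affected, mitigated, vulnerable, unknown
classify_vmscape() {
    case "$1" in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# read_vmscape_status [PATH] -> prints the raw sysfs line, or "missing" when the
# file does not exist (kernel without the VMSCAPE patches, or no sysfs access).
read_vmscape_status() {
    path=${1:-$VMSCAPE_SYSFS}
    if [ -r "$path" ]; then
        cat "$path"
    else
        echo missing
    fi
}

# vmscape_exit_code CLASS -> returns 0 only when untrusted guests can be hosted safely.
# "unknown" deliberately fails closed: an absent file is not evidence of a mitigation.
vmscape_exit_code() {
    case "$1" in
        not-affected|mitigated) return 0 ;;
        *) return 1 ;;
    esac
}

main() {
    status=$(read_vmscape_status "$@")
    class=$(classify_vmscape "$status")
    printf 'vmscape: %s (%s)\n' "$status" "$class"
    vmscape_exit_code "$class"
}

# Run the check only when executed as a script, so the functions can also be sourced.
if [ "${0##*/}" = "vmscape_check.sh" ]; then
    main "$@"
    exit $?
fi
```

Run it as `sh vmscape_check.sh` on the host; a non-zero exit means the host either reports itself vulnerable or is running a kernel that does not know about VMSCAPE yet, and in either case it should not host untrusted guests until it is patched.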
Read More: https://www.theregister.com/2025/09/11/vmscape_spectre_vulnerability/