Researchers from ETH Zurich have uncovered a new Spectre-BTI attack called VMScape that can leak sensitive memory and cryptographic keys from virtualized environments, exploiting weaknesses in CPU branch prediction isolation. This vulnerability affects AMD Zen CPUs and older Intel processors, highlighting the need for updated mitigations and patches in cloud infrastructure. #SpectreBTI #VMScape #KVM #QEMU #AMDZen #IntelOldSystems
Key points
- The ETH Zurich researchers developed a proof-of-concept attack named VMScape targeting virtualization isolation flaws.
- VMScape exploits Spectre-BTI vulnerabilities to leak data from hypervisors such as QEMU used in cloud environments.
- The attack can retrieve sensitive information, including cryptographic keys, within minutes on affected CPUs.
- Mitigations include the use of Indirect Branch Prediction Barriers (IBPB) to prevent the attack's success.
- Major Linux distributions have issued patches to mitigate the vulnerability CVE-2025-40300, but hardware updates are necessary for complete security.
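A defender's first question after reading the bullets above is whether a given Linux host is actually running the patched kernel with the IBPB-based mitigation active. The script below is an added example, not code from the article or the ETH Zurich researchers: it reads the kernel's sysfs vulnerability interface (`/sys/devices/system/cpu/vulnerabilities/`), which exists on all modern Linux kernels, and assumes that kernels carrying the CVE-2025-40300 fix expose a `vmscape` entry next to the long-standing `spectre_v2` entry. The status strings in the demo section are constructed samples, not captured from a real host.

```sh
#!/bin/sh
# Added example (not from the article): report Spectre-v2 / VMScape mitigation
# status from the Linux sysfs vulnerability interface.
# Assumptions: /sys/devices/system/cpu/vulnerabilities/ is present, and a
# kernel with the CVE-2025-40300 fix exposes a "vmscape" entry there.

VULN_DIR=/sys/devices/system/cpu/vulnerabilities

# report_mitigations DIR
#   Prints "<entry>: <status>" for each Spectre-BTI related entry in DIR.
#   Returns 0 only if every entry is present and reports either a mitigation
#   or "Not affected"; returns 1 if an entry is missing (old kernel without
#   the fix) or reports "Vulnerable" / "Unknown".
report_mitigations() {
    dir=$1
    rc=0
    for name in spectre_v2 vmscape; do
        if [ ! -r "$dir/$name" ]; then
            echo "$name: entry not present (kernel predates the fix?)"
            rc=1
            continue
        fi
        status=$(cat "$dir/$name")
        echo "$name: $status"
        case "$status" in
            "Mitigation: "*) ;;     # kernel applied a mitigation
            "Not affected") ;;      # CPU is not in the affected set
            *) rc=1 ;;              # "Vulnerable", "Unknown", or unexpected text
        esac
    done
    return $rc
}

# make_sample_dir: builds a throwaway directory with CONSTRUCTED status files
# so the script can be exercised on a machine without the real sysfs entries.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'Mitigation: Retpolines; IBPB: conditional\n' > "$d/spectre_v2"
    printf 'Vulnerable\n' > "$d/vmscape"
    echo "$d"
}

# Usage: ./vmscape_check.sh           -> inspect the running host
#        ./vmscape_check.sh --demo    -> run against the constructed sample
if [ "${1:-}" = "--demo" ]; then
    target=$(make_sample_dir)
else
    target=$VULN_DIR
fi

if report_mitigations "$target"; then
    echo "RESULT: Spectre-BTI mitigations present for all checked entries"
else
    echo "RESULT: action needed (missing entry or vulnerable status)"
fi

[ "${1:-}" = "--demo" ] && rm -rf "$target"
```

On a host that has the distribution patch applied, `vmscape` should report a `Mitigation:` line; a missing entry usually means the kernel predates the fix, which is the case the bullet above warns about. The check is deliberately conservative: anything other than an explicit mitigation or "Not affected" is treated as a finding.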
Read More: https://www.securityweek.com/vmscape-academics-break-cloud-isolation-with-new-spectre-attack/