
"If you thought the world was done with side-channel CPU attacks, think again. ETH Zurich has identified yet another Spectre-based transient execution vulnerability that affects AMD Zen CPUs and Intel Coffee Lake processors by breaking virtualization boundaries. The attack, dubbed VMSCAPE (CVE-2025-40300), is said to be the first Spectre-based exploit that allows a malicious guest user in a cloud environment to leak secrets from the hypervisor in the host domain without code changes - injected Return-oriented programming gadgets - and in default configuration."
"The technique is described in a paper [PDF] published on Thursday, "VMSCAPE: Exposing and Exploiting Incomplete Branch Predictor Isolation in Cloud Environments," by Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi. The paper is set to be presented at the 47th IEEE Symposium on Security and Privacy. Cloud computing depends upon virtualization to securely partition physical computing resources into virtual ones, managed by a hypervisor. VMSCAPE targets the Kernel Virtual Machine (KVM) and QEMU (Quick Emulator), as the hypervisor and as the userspace component of the hypervisor in the host."
""VMSCAPE can leak the memory of the QEMU process at the rate of 32 B/s on AMD Zen 4," the authors state in their paper. "We use VMSCAPE to find the location of secret data and leak the secret data, all within 772 s, extracting the cryptographic key used for disk encryption/decryption as an example." AMD Zen 1-5 processors are affected, as are Intel Coffee Lake processors, which debuted in 2017. Hardware fixes aren't feasible, the authors say, so Linux maintainers have addressed the issue in software. This comes at a cost, however, in terms of performance overhead."
VMSCAPE exploits incomplete branch predictor isolation between guest and host to break the virtualization boundary and let a malicious guest VM leak hypervisor memory. The vulnerability affects AMD Zen 1–5 and Intel Coffee Lake processors and targets KVM and QEMU in common cloud deployments. The exploit reads QEMU process memory at roughly 32 bytes per second on Zen 4 and can locate and extract secrets, including a disk-encryption key, in about 13 minutes (772 s). It needs no changes to host code and no injected return-oriented programming gadgets, and it works against the default hypervisor configuration. Software mitigations in Linux are available but introduce performance overhead; the authors consider hardware fixes infeasible.
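Since the fix is a kernel-side software mitigation, the first thing to verify on a KVM host is whether the running kernel knows about the issue and has the mitigation active. The Linux kernel reports each CPU bug it handles as one file under /sys/devices/system/cpu/vulnerabilities/. The following shell snippet is an added example, not code from the article or the paper: it classifies such a status file into a short verdict and demonstrates the classification on constructed sample files. The file name "vmscape" and the exact mitigation string in the sample are assumptions about the kernel's naming; the prefix-based matching ("Not affected", "Mitigation:", "Vulnerable") follows the convention the kernel uses for every entry in that directory.

```sh
#!/bin/sh
# Added example (not from the article or paper): classify the Linux sysfs
# status of the VMSCAPE mitigation on a KVM host.
# The kernel exposes one status file per CPU bug under this directory; the
# file name for this issue is assumed to be "vmscape" (check your kernel's
# admin-guide/hw-vuln documentation).
SYSFS_VMSCAPE=/sys/devices/system/cpu/vulnerabilities/vmscape

# Usage: vmscape_status <status-file>
# Prints exactly one of: not-affected | mitigated | vulnerable | unknown
# A missing file yields "unknown": the running kernel predates the fix and
# cannot report on it, which on an affected CPU means the host is unpatched.
vmscape_status() {
    file=$1
    [ -r "$file" ] || { echo unknown; return 0; }
    status=$(cat "$file")
    case $status in
        "Not affected")  echo not-affected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# Constructed sample files standing in for the real sysfs entry on three
# hypothetical hosts. The mitigation text is an assumed example string.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf 'Not affected\n' > "$SAMPLE_DIR/unaffected_host"
printf 'Mitigation: IBPB before exit to userspace\n' > "$SAMPLE_DIR/patched_zen4"
printf 'Vulnerable\n' > "$SAMPLE_DIR/unpatched_zen4"

# Report the real host first if its kernel has the entry, then the samples.
if [ -r "$SYSFS_VMSCAPE" ]; then
    printf 'this host      %s (%s)\n' \
        "$(vmscape_status "$SYSFS_VMSCAPE")" "$(cat "$SYSFS_VMSCAPE")"
fi
for f in "$SAMPLE_DIR"/*; do
    printf '%-14s %s\n' "$(basename "$f")" "$(vmscape_status "$f")"
done
```

Run it on the host itself; a verdict of "vulnerable" or "unknown" on a Zen or Coffee Lake machine that runs untrusted guests is the case the article describes. Because the mitigation costs performance, the verdict is also what to re-check after any kernel command-line tuning that disables CPU-bug mitigations.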
Read at The Register