- ETH Zurich researchers found a new Spectre-BTI attack called VMSCAPE that lets a malicious VM leak host data
- It affects cloud setups using KVM/QEMU on AMD and Intel CPUs and bypasses existing defenses
- They suggest flushing the branch predictor with IBPB on VMEXIT as a cheap mitigation
If Ghostbusters taught us anything, it's that spectres are notoriously difficult to get rid of.
Security researchers from the Swiss public university ETH Zurich recently discovered a new Spectre-BTI (Branch Target Injection) attack that allows a malicious virtual machine (VM) to leak sensitive data from the host system, with no changes to the host software required.
The research team (Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi and Kaveh Razavi) conducted a systematic analysis of branch predictor isolation, targeting environments using KVM/QEMU virtualization on AMD Zen 4 and Zen 5 CPUs.
Fixing the flaw
In early June, they developed an exploit and named it VMSCAPE.
According to the research paper published earlier this week, VMSCAPE is proof that existing mitigations (the hardware and software defenses previously considered sufficient against speculative execution attacks such as Spectre) are not enough to prevent speculative execution attacks across VM boundaries, and that secrets such as disk encryption keys can be leaked in real-world settings.
All cloud providers running virtualized workloads on vulnerable CPUs with KVM/QEMU are affected by the flaw, the researchers added; the list of affected CPUs includes AMD Zen 1 through Zen 5 and Intel's Coffee Lake chips. KVM/QEMU is a widely used virtualization stack in Linux-based cloud environments.
The flaw is now tracked as CVE-2025-40300, but its severity score has not yet been assigned.
Chipmakers are already responding. An AMD spokesperson told The Register that the company is preparing a security update as well as a software fix.
An Intel representative told the same publication that existing mitigations can be used to address this flaw. "Linux patches are expected to be available on the VMSCAPE publication date, and a CVE for this issue is being assigned by Linux," they added.
The authors of the paper suggest flushing the CPU's branch predictor with IBPB (Indirect Branch Prediction Barrier) on VMEXIT as a mitigation for VMSCAPE, since this prevents a malicious guest VM from influencing speculative execution paths in the host. They also emphasized that tests showed negligible performance overhead and that the fix was straightforward to implement.
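As an added example (not code from the article or from the researchers), the POSIX shell check below shows how an operator would verify on a Linux host that the kernel reports a VMSCAPE mitigation and that the CPU advertises IBPB at all. The sysfs path `/sys/devices/system/cpu/vulnerabilities/vmscape`, the status strings it matches ("Mitigation: IBPB before exit to userspace", "Vulnerable", "Not affected") and the `ibpb` flag in `/proc/cpuinfo` are assumptions that follow the kernel's existing conventions for speculative execution flaws; the page itself names none of them. The function names are illustrative.

```shell
#!/bin/sh
# Added example: report whether a Linux host is mitigated against VMSCAPE.
# Assumption (not from the article): the kernel exposes the status under the
# usual vulnerabilities/ directory, in the same shape as spectre_v2 and friends.
VMSCAPE_SYSFS=/sys/devices/system/cpu/vulnerabilities/vmscape

# classify_vmscape STATUS_LINE
# Prints one of: mitigated, vulnerable, not_affected, unknown.
classify_vmscape() {
    case "$1" in
        "Not affected"*)       echo not_affected ;;
        "Mitigation: "*IBPB*)  echo mitigated ;;    # e.g. "Mitigation: IBPB before exit to userspace"
        "Mitigation: "*)       echo mitigated ;;    # any other mitigation string the kernel reports
        "Vulnerable"*)         echo vulnerable ;;
        *)                     echo unknown ;;
    esac
}

# read_vmscape_status [PATH]
# Prints the raw sysfs line, or "missing" when the kernel predates the fix and
# does not expose the file at all (treated as unmitigated by the caller).
read_vmscape_status() {
    path="${1:-$VMSCAPE_SYSFS}"
    if [ -r "$path" ]; then
        cat "$path"
    else
        echo missing
    fi
}

# cpu_has_ibpb [CPUINFO_PATH]
# Succeeds when the CPU advertises IBPB; without it the kernel has no barrier
# to issue on VMEXIT, so the recommended mitigation cannot be applied.
cpu_has_ibpb() {
    grep -qw ibpb "${1:-/proc/cpuinfo}" 2>/dev/null
}

# vmscape_check [PATH]
# Prints a one-line summary; exit 0 when mitigated or not affected, 1 otherwise.
vmscape_check() {
    status="$(read_vmscape_status "$1")"
    class="$(classify_vmscape "$status")"
    echo "vmscape: $status ($class)"
    case "$class" in
        mitigated|not_affected) return 0 ;;
        *)                      return 1 ;;
    esac
}

# Run the live check only when invoked as "./vmscape_check.sh --check", so the
# functions above can also be sourced from other scripts.
if [ "${1:-}" = "--check" ]; then
    if cpu_has_ibpb; then echo "cpu: ibpb supported"; else echo "cpu: ibpb NOT supported"; fi
    vmscape_check
    exit $?
fi
```

Run it as `sh vmscape_check.sh --check` on the host (or inside a guest, where a "Not affected" or "Mitigation:" line from the host's kernel is not visible, so the check is only meaningful on the hypervisor itself). A `missing` result is the interesting case in practice: it means the running kernel is older than the fix and no IBPB-on-VMEXIT mitigation is in place, regardless of what the CPU supports.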
Via The Register