- ETH Zurich researchers found a new Spectre-BTI attack called VMSCAPE that allows a VM to steal host data
- It affects cloud configurations using KVM/QEMU on AMD and Intel CPUs, bypassing existing defenses
- Flushing the branch predictor on VMexit is proposed as a low-cost solution
If Ghostbusters taught us anything, it is that spectres are notoriously difficult to get rid of.
Security researchers at the Swiss public university ETH Zurich recently discovered a new Spectre-BTI (Branch Target Injection) attack that allows a malicious virtual machine (VM) to leak confidential data from the host system, without modifying the host software.
The research team, Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi and Kaveh Razavi, performed a systematic analysis of branch predictor isolation, targeting environments that use KVM/QEMU virtualization on AMD Zen 4 and Zen 5 CPUs.
Fixing the flaw
In early June, they developed an exploit and called it VMSCAPE.
According to the research paper published earlier this week, VMSCAPE is proof that the default mitigations (the hardware and software defenses previously considered sufficient against speculative execution attacks such as Spectre) are not enough to prevent speculative execution attacks across VM boundaries, and that secrets such as disk encryption keys can be leaked in real-world cloud configurations.
All cloud providers that run virtualized workloads on vulnerable CPUs with KVM/QEMU are affected by the bug, the researchers further explained, which includes AMD Zen 1-5 and Intel's Coffee Lake chips. KVM/QEMU is a popular virtualization stack commonly used in Linux-based cloud environments.
The bug is now tracked as CVE-2025-40300, but its severity score has not yet been determined.
Chip manufacturers are already moving, too. An AMD spokesman told The Register that the company is preparing a security bulletin, as well as a software fix.
An Intel representative told the same publication that existing mitigations can be used to address this flaw. "Linux mitigations are expected to be available on the public disclosure date of VMSCAPE, and Linux will assign a CVE for this issue," they added.
The authors of the paper propose flushing the CPU branch predictor using IBPB on VMexit as a mitigation for VMSCAPE, since this prevents a malicious guest VM from influencing speculative execution paths in the host. They also emphasized that their tests showed negligible performance overhead and that the fix was practical to deploy.
Via The Register