Researchers demonstrate new cloud security breach method

ETH Zurich academics developed VMScape, a Spectre-based attack that breaks virtualization isolation to leak sensitive data from cloud hypervisors at rates of 32 bytes per second. The attack exploits weaknesses in branch predictor isolation on AMD Zen and older Intel CPUs, allowing malicious virtual machines to extract cryptographic keys and arbitrary memory from host systems. Researchers successfully demonstrated extracting disk encryption keys within about 18 minutes using their proof-of-concept against KVM/QEMU hypervisors. Linux distributions have released patches for the vulnerability tracked as CVE-2025-40300, with mitigations involving Indirect Branch Prediction Barriers on VM exits.

Read more:

https://www.securityweek.com/vmscape-academics-break-cloud-isolation-with-new-spectre-attack/