- ETH Zurich researchers have found a new Spectre-BTI attack, called VMSCAPE, that lets a virtual machine leak host data
- It affects cloud setups running KVM/QEMU on AMD and Intel processors, bypassing existing defenses
- They propose flushing the branch predictor on VMEXIT as a low-cost fix
If Ghostbusters taught us anything, it is that spectres are notoriously hard to get rid of.
Security researchers at the Swiss public university ETH Zurich recently discovered a new Spectre-BTI (Branch Target Injection) attack that allows a malicious virtual machine (VM) to leak sensitive data from the host system without modifying host software.
The research team – Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi and Kaveh Razavi – carried out a systematic analysis of branch predictor isolation, targeting environments using KVM/QEMU virtualization on AMD Zen 4 and Zen 5 CPUs.
In early June they developed an exploit and named it VMSCAPE.
According to the research paper published earlier this week, VMSCAPE shows that the default mitigations (the hardware and software defenses previously considered sufficient against speculative execution attacks such as Spectre) are not enough to prevent speculative execution attacks across virtual machine boundaries, and that secrets such as encryption keys can be leaked in real-world cloud settings.
All cloud providers running virtualized workloads on vulnerable processors with KVM/QEMU are affected by the bug, the researchers explained; that includes AMD Zen 1-5 and Intel Coffee Lake chips. KVM/QEMU is a powerful virtualization stack commonly used in Linux-based cloud environments.
The bug is now tracked as CVE-2025-40300, but a severity score has not yet been assigned.
Chip makers are already in motion. An AMD spokesperson told The Register that the company is preparing a security bulletin as well as a software fix.
An Intel representative told the same publication that existing mitigations can be used to address this flaw. “Linux mitigations should be available on the VMSCAPE public disclosure date, and a CVE for this issue will be assigned by Linux,” they added.
The paper's authors propose flushing the CPU's branch predictor with IBPB on VMEXIT as the mitigation for VMSCAPE, since this prevents a malicious virtual machine from influencing the host's speculative execution paths. They also noted that tests showed negligible performance overhead and that the fix is practical to deploy.
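For a KVM host operator, the practical question is whether the running kernel reports a branch-target-injection mitigation at all. The script below is an added example, not code from the researchers or from the Linux project: it reads the kernel's own vulnerability reporting under sysfs and checks whether the CPU advertises IBPB, the barrier proposed above. The `vmscape` entry name is an assumption about kernels that ship the fix; the sysfs directory and cpuinfo path are overridable so the functions can be exercised against a constructed tree.

```shell
#!/bin/sh
# Defender-side check of what a Linux host reports about BTI mitigations.
# Paths are overridable so the functions can run against a constructed tree.
# "vmscape" as an entry name is an assumption about newer kernels; an absent
# entry is reported as such and never treated as mitigated.

VULN_DIR="${VULN_DIR:-/sys/devices/system/cpu/vulnerabilities}"
CPUINFO="${CPUINFO:-/proc/cpuinfo}"

# Print "<entry>: <kernel status line>", or note that the kernel has no such entry.
report_vuln() {
    if [ -r "$VULN_DIR/$1" ]; then
        printf '%s: %s\n' "$1" "$(cat "$VULN_DIR/$1")"
    else
        printf '%s: not reported by this kernel\n' "$1"
    fi
}

# Succeed only when the kernel reports "Mitigation: ..." or "Not affected";
# a missing entry counts as unmitigated (old kernel, or status unknown).
is_mitigated() {
    [ -r "$VULN_DIR/$1" ] || return 1
    case "$(cat "$VULN_DIR/$1")" in
        Mitigation:*|"Not affected") return 0 ;;
        *) return 1 ;;
    esac
}

# Does the CPU advertise IBPB (the "ibpb" flag token in cpuinfo)? Heuristic only.
cpu_has_ibpb() {
    grep -qw ibpb "$CPUINFO" 2>/dev/null
}

# Human-readable summary for a KVM host.
check_host() {
    for entry in spectre_v2 vmscape; do
        report_vuln "$entry"
    done
    if cpu_has_ibpb; then
        echo "cpu: IBPB available"
    else
        echo "cpu: IBPB not advertised (or cpuinfo unreadable)"
    fi
    if is_mitigated spectre_v2 && is_mitigated vmscape; then
        echo "verdict: kernel reports cross-VM BTI mitigations in place"
    else
        echo "verdict: review kernel and microcode updates for this host"
    fi
}

check_host
```

The report reflects only what the kernel says about itself; a patched kernel on unpatched microcode, or a hypervisor that hides CPU flags from the guest, will need checking on the host directly.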
Via The Register