Date: 2025-09-12

Cloud Security, Hardware, Threat Intelligence

Cloud secrets exposed by CPU-targeting VMScape attack

BleepingComputer reports that unmodified QEMU hypervisors running on AMD Zen 1 to 5 processors and Intel Coffee Lake processors could have their cryptographic keys compromised by the new VMScape attack, which circumvents protections for Spectre vulnerabilities.

VMScape intrusions use a Spectre Branch Target Injection (Spectre-BTI) technique to trigger speculative execution in QEMU, which is then prolonged by removing the relevant cache entries. The attack then discovers branch collisions to determine the location of the victim gadget and brute-forces its way past Address Space Layout Randomization, according to a study by ETH Zurich researchers, who developed the attack.

By leaking arbitrary QEMU memory at 32 bytes/second with 98.7% accuracy and a 43% success rate, VMScape could expose disk encryption keys within 128 seconds, with end-to-end compromise achieved in less than 13 minutes. Intel and AMD have already issued advisories on the issue, which is tracked as CVE-2025-40300, and Linux kernel developers have released mitigations.

