Subj : New Spectre-based CPU vulnerability allows guests to steal sensit
To   : All
From : TechnologyDaily
Date : Fri Sep 12 2025 17:45:08

New Spectre-based CPU vulnerability allows guests to steal sensitive data from the cloud

Date: Fri, 12 Sep 2025 16:30:00 +0000

Description: Researchers found another Spectre-like vulnerability affecting both Intel and AMD chips.

FULL STORY
======================================================================

- ETH Zurich researchers found a new Spectre-BTI attack called VMSCAPE that lets a VM steal host data
- It affects cloud setups using KVM/QEMU on AMD and Intel CPUs, bypassing existing defenses
- They propose flushing the branch predictor on VMEXIT as a low-cost fix

If Ghostbusters taught us anything, it's that spectres are notoriously difficult to get rid of.

Security researchers from the Swiss public university, ETH Zurich, recently discovered a new Spectre-BTI (Branch Target Injection) attack that allows a malicious virtual machine (VM) to leak sensitive data from the host system, without modifying host software.

The research team - Jean-Claude Graf, Sandro Regge, Ali Hajiabadi, and Kaveh Razavi - conducted a systematic analysis of branch predictor isolation, targeting environments using KVM/QEMU virtualization on AMD Zen 4 and Zen 5 CPUs.

Fixing the flaw

In early June, they developed an exploit and named it VMSCAPE. According to the research paper published earlier this week, VMSCAPE is proof that default mitigations (hardware and software defenses that were previously considered sufficient for speculative execution attacks such as Spectre) are not enough to prevent speculative execution attacks across VM boundaries, and that secrets like disk encryption keys can be leaked in real-world cloud setups.

All cloud providers running virtualized workloads on vulnerable CPUs using KVM/QEMU are affected by the bug, the researchers further explained, which includes AMD Zen 1-5, and Intel's Coffee Lake chips.
KVM/QEMU is a powerful virtualization stack commonly used in Linux-based cloud environments.

The bug is now tracked as CVE-2025-40300, but the severity score has not yet been determined.

Chipmakers are already on the move, as well. An AMD spokesperson told The Register that the company is preparing a security brief, as well as a software fix. An Intel representative told the same publication that existing mitigations can be used to address this flaw. "Linux mitigations are expected to be available on the VMSCAPE public disclosure date, and a CVE for this issue will be assigned by Linux," they added.

The paper's authors propose flushing the CPU's branch predictor using IBPB on VMEXIT as a mitigation for VMSCAPE, as this prevents a malicious guest VM from influencing speculative execution paths in the host. They also stressed that the tests showed negligible performance overhead, and that the fix was practical for deployment.

Via The Register

======================================================================
Link to news story:
https://www.techradar.com/pro/security/new-spectre-based-cpu-vulnerability-allows-guests-to-steal-sensitive-data-from-the-cloud

--- Mystic BBS v1.12 A49 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)