QEMU VMScape speculative execution flaw (CVE-2025-40300)

Vulnerability
H score 22
1 unique source, 1 article

Summary

Researchers confirmed VMScape, a Spectre-like flaw in QEMU, can let a malicious VM leak cryptographic keys and other secrets from AMD and Intel systems. The issue is tracked as CVE-2025-40300 and breaks guest-host isolation even on unmodified virtualization software with default mitigations. Because the attack targets the hypervisor process itself, it can expose sensitive memory from QEMU or neighboring virtual machines.

Related Happenings

Linux kernel Dirty Frag local root escalation privilege-escalation flaw

Vulnerability
First: 08.05.2026 10:45 Last: 08.05.2026 10:45 Sources 1

About this happening: **Dirty Frag** is a newly disclosed **Linux kernel** zero-day that can give **local attackers root privileges** on **most major Linux distributions**. The flaw is anchored in the...

Payouts King ransomware QEMU reverse SSH backdoor activity

Malware Activity
First: 17.04.2026 22:10 Last: 17.04.2026 22:10 Sources 1

About this happening: **Payouts King ransomware** is using **QEMU** hidden virtual machines and a **reverse SSH backdoor** to keep covert access on compromised hosts and evade endpoint security. The ma...

Linux kernel AppArmor confused deputy vulnerabilities CrackArmor security flaw

Vulnerability
First: 13.03.2026 10:18 Last: 13.03.2026 10:18 Sources 1

About this happening: Researchers disclosed **CrackArmor**, nine **confused deputy** flaws in the **Linux kernel's AppArmor module** that can let **unprivileged users** bypass protections, gain **root*...

WireTap memory-bus interposer analysis breaks Intel SGX attestation on DDR4 systems

Technical Analysis
First: 01.10.2025 20:20 Last: 01.10.2025 20:20 Sources 1

About this happening: Researchers demonstrated **WireTap**, a **memory-bus interposer** attack that can extract **Intel SGX attestation keys** on **DDR4 systems**, undermining enclave confidentiality a...

Battering RAM interposer attack breaks Intel SGX and AMD SEV-SNP confidential computing

Technical Analysis
First: 01.10.2025 17:54 Last: 01.10.2025 17:54 Sources 1

About this happening: Researchers demonstrated **Battering RAM**, a **$50** interposer attack that can bypass **Intel SGX** and **AMD SEV-SNP**, undermining confidential-computing protections for cloud...

Timeline

  1. 11.09.2025 18:05 1 article · 8mo ago

    Researchers notify AMD and Intel about VMScape

    Initial Disclosure

    ETH Zurich researchers reported their VMScape findings to AMD and Intel, and the issue was assigned CVE-2025-40300. The flaw is a Spectre-like attack against unmodified QEMU virtualization on modern AMD and Intel CPUs that can let a malicious VM leak cryptographic keys and other secrets.

  2. 11.09.2025 18:05 2 articles · 8mo ago

    AMD bulletin and Linux patches mitigate VMScape

    Mitigation Patch Update

    AMD released a security bulletin, and Linux kernel developers released patches that mitigate VMScape by adding an Indirect Branch Prediction Barrier (IBPB) on VMEXIT, which flushes branch-prediction state when switching from guest to host. The described attack breaks guest-host isolation in QEMU and can leak secrets through speculative-execution side channels.