VMScape attack breaks guest-host isolation on AMD, Intel CPUs
Summary
A new speculative execution attack, VMScape, allows a malicious virtual machine to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. The attack bypasses existing Spectre mitigations and threatens to leak sensitive data by leveraging speculative execution. VMScape does not require compromising the host and works on unmodified virtualization software with default mitigations enabled. The attack affects all AMD processors from Zen 1 to Zen 4, as well as Intel’s “Coffee Lake” CPUs. The attack targets QEMU, the user-mode hypervisor component, which maps guest memory into its address space. Researchers demonstrated that VMScape can leak arbitrary memory data from QEMU at a rate of 32 bytes/second, with a byte-level accuracy of 98.7%. The total end-to-end time to leak a 4KB secret, such as a disk encryption key, is approximately 13 minutes. The ETH Zurich team reported their findings to AMD and Intel on June 7, and the issue received the identifier CVE-2025-40300. AMD has released a security bulletin about the problem. Linux kernel developers have released patches that mitigate VMScape by adding an Indirect Branch Prediction Barrier (IBPB) on VMEXIT, effectively flushing the Branch Prediction Unit (BPU) when switching from guest to host.
Timeline
- 11.09.2025 18:05 (1 article): VMScape attack breaks guest-host isolation on AMD, Intel CPUs
  Source: New VMScape attack breaks guest-host isolation on AMD, Intel CPUs — www.bleepingcomputer.com — 11.09.2025 18:05
Information Snippets
First reported: 11.09.2025 18:05 (1 source, 1 article: New VMScape attack breaks guest-host isolation on AMD, Intel CPUs — www.bleepingcomputer.com — 11.09.2025 18:05)
- VMScape is a new Spectre-like attack that allows a malicious virtual machine to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs.
- The attack breaks the isolation between VMs and the cloud hypervisor, bypassing existing Spectre mitigations.
- VMScape does not require compromising the host and works on unmodified virtualization software with default mitigations enabled.
- The attack affects all AMD processors from Zen 1 to Zen 4, as well as Intel’s “Coffee Lake” CPUs.
- The attack targets QEMU, the user-mode hypervisor component, which maps guest memory into its address space.
- Researchers demonstrated that VMScape can leak arbitrary memory data from QEMU at a rate of 32 bytes/second, with a byte-level accuracy of 98.7%.
- The total end-to-end time to leak a 4KB secret, such as a disk encryption key, is approximately 13 minutes.
- The ETH Zurich team reported their findings to AMD and Intel on June 7, and the issue received the identifier CVE-2025-40300.
- AMD has released a security bulletin about the problem.
- Linux kernel developers have released patches that mitigate VMScape by adding an Indirect Branch Prediction Barrier (IBPB) on VMEXIT, effectively flushing the Branch Prediction Unit (BPU) when switching from guest to host.