CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

VMScape attack breaks guest-host isolation on AMD, Intel CPUs

First reported
Last updated
1 unique sources, 1 articles

Summary

Hide ▲

A new speculative execution attack named VMScape allows malicious virtual machines (VMs) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. The attack bypasses existing Spectre mitigations and threatens to leak sensitive data by leveraging speculative execution. It affects all AMD Zen 1 to Zen 5 processors and Intel’s Coffee Lake CPUs, but not Raptor Cove or Gracemont. The attack does not require compromising the host and works on unmodified virtualization software with default mitigations enabled on the hardware. The VMScape attack targets QEMU, the user-mode hypervisor component, by influencing indirect branch prediction in a host user process due to shared Branch Prediction Unit (BPU) structures. The attack uses a Spectre-BTI (Branch Target Injection) technique to misguide a target indirect branch in QEMU, enabling the leakage of secret data. The ETH Zurich research team reported the findings to AMD and Intel, who have released patches and security bulletins. Linux kernel developers have also released patches to mitigate the issue.

Timeline

  1. 11.09.2025 18:05 1 articles · 21d ago

    VMScape attack breaks guest-host isolation on AMD, Intel CPUs

    A new speculative execution attack named VMScape allows malicious virtual machines (VMs) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. The attack bypasses existing Spectre mitigations and threatens to leak sensitive data by leveraging speculative execution. The attack affects all AMD Zen 1 to Zen 5 processors and Intel’s Coffee Lake CPUs, but not Raptor Cove or Gracemont. The ETH Zurich research team reported the findings to AMD and Intel, who have released patches and security bulletins. Linux kernel developers have also released patches to mitigate the issue.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

Battering RAM Attack Bypasses Intel and AMD Cloud Security Protections

A group of academics from KU Leuven and the University of Birmingham have demonstrated a new vulnerability called Battering RAM. This vulnerability bypasses the latest defenses on Intel and AMD cloud processors, compromising Intel's Software Guard Extensions (SGX) and AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The attack leverages a custom-built, low-cost DDR4 interposer hardware hack to stealthily redirect physical addresses and gain unauthorized access to protected memory regions. The vulnerability affects systems using DDR4 memory, particularly those relying on confidential computing workloads in public cloud environments. Successful exploitation can allow a rogue cloud infrastructure provider or insider with limited physical access to compromise remote attestation and enable the insertion of arbitrary backdoors into protected workloads. The vulnerability was reported to the vendors earlier this year, but defending against Battering RAM would require a fundamental redesign of memory encryption itself. The attack is an evolution of the previous BadRAM attack, which exploited physical address aliasing to modify and replay encrypted memory on AMD SEV-SNP systems. The Battering RAM attack introduces dynamic memory aliases at runtime, allowing it to bypass Intel's and AMD's mitigations for BadRAM. Researchers from Georgia Institute of Technology and Purdue University have demonstrated a new attack called WireTap that also bypasses Intel's SGX security guarantees. WireTap uses a DDR4 memory-bus interposer to passively decrypt sensitive data, exploiting Intel's deterministic encryption. The WireTap attack can extract an SGX secret attestation key, allowing an attacker to sign arbitrary SGX enclave reports. WireTap and Battering RAM attacks are complementary, focusing on confidentiality and integrity respectively. WireTap can be used to undermine confidentiality and integrity guarantees in SGX-backed blockchain deployments. Intel and AMD have acknowledged the exploits but consider physical attacks on DRAM out of scope for their current products. Intel's cryptographic integrity protection mode of Intel Total Memory Encryption-Multi-Key (Intel TME-MK) can provide additional protection against alias-based attacks. The researchers' exploits demonstrate that confidential computing is not invincible, and defenders should reevaluate threat models to better understand and prepare for physical attacks.

Open in new tab

Cisco IOS and IOS XE SNMP Zero-Day Exploited in Attacks

Cisco has released security updates to address a high-severity zero-day vulnerability (CVE-2025-20352) in Cisco IOS and IOS XE Software. The flaw is a stack-based buffer overflow in the Simple Network Management Protocol (SNMP) subsystem, actively exploited in attacks. This vulnerability allows authenticated, remote attackers to cause denial-of-service (DoS) conditions or gain root control of affected systems. The vulnerability impacts all devices with SNMP enabled, including specific Cisco devices running Meraki CS 17 and earlier. Cisco advises customers to upgrade to a fixed software release, specifically Cisco IOS XE Software Release 17.15.4a, to remediate the vulnerability. Temporary mitigation involves limiting SNMP access to trusted users and disabling the affected Object Identifiers (OIDs) on devices. Additionally, Cisco patched 13 other security vulnerabilities, including two with available proof-of-concept exploit code. Cisco also released patches for 14 vulnerabilities in IOS and IOS XE, including eight high-severity vulnerabilities. Proof-of-concept exploit code exists for two of the vulnerabilities, but exploitation is not confirmed. Three additional medium-severity bugs affect Cisco’s SD-WAN vEdge, Access Point, and Wireless Access Point (AP) software.

Open in new tab

Phoenix attack bypasses Rowhammer defenses in DDR5 memory

A new Rowhammer attack variant, Phoenix, bypasses DDR5 Rowhammer defenses in SK Hynix memory chips. The attack exploits specific refresh intervals and synchronization methods to flip bits, enabling privilege escalation, data corruption, or unauthorized access. The vulnerability, tracked as CVE-2025-6202, affects all DDR5 DIMM RAM modules produced between January 2021 and December 2024. The attack was developed by researchers at ETH Zurich University and Google, who demonstrated its effectiveness on 15 DDR5 memory chips. The vulnerability allows attackers to gain root privileges in under two minutes on a commodity DDR5 system. The attack can exploit RSA-2048 keys of a co-located virtual machine to break SSH authentication and use the sudo binary to escalate local privileges to the root user. Mitigation involves tripling the DRAM refresh interval, but this may cause system instability.

Open in new tab