What’s new
A new attack, VMScape, has been identified that breaks guest-host isolation on AMD and Intel CPUs, allowing a malicious virtual machine (VM) to leak cryptographic keys from an unmodified QEMU hypervisor process. The attack bypasses existing Spectre mitigations and targets all AMD processors from Zen 1 to Zen 5, as well as Intel’s Coffee Lake CPUs, but does not affect the newer Raptor Cove and Gracemont cores. It exploits branch prediction units shared between guest and host to leak sensitive data at a rate of 32 bytes/second.
Who’s affected
Organizations using cloud services that rely on AMD and Intel CPUs, particularly those utilizing QEMU as their hypervisor, are at risk. The vulnerability is identified as CVE-2025-40300.
What to do
- Apply the latest patches released by Linux kernel developers that mitigate the VMScape attack by adding an Indirect Branch Prediction Barrier (IBPB) on VMEXIT.
- Review security bulletins from AMD regarding this vulnerability.
- Monitor for updates from cloud service providers regarding their mitigation strategies.
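As an added defender-side check (not part of the original brief): a POSIX shell snippet that classifies the VMScape mitigation status a patched Linux kernel reports and flags a kernel command line that switches the mitigation off. The sysfs path `/sys/devices/system/cpu/vulnerabilities/vmscape`, the status strings and the `vmscape=off` parameter are assumptions about the upstream kernel patches, not values taken from the brief.

```shell
#!/bin/sh
# Added example: report whether this host carries the VMScape (CVE-2025-40300)
# IBPB-on-VMEXIT mitigation. Path and strings are assumptions about the
# upstream Linux patches; adjust them if your distribution reports differently.

VMSCAPE_SYSFS="/sys/devices/system/cpu/vulnerabilities/vmscape"

# classify_vmscape_status STATUS_LINE
# Prints: not_affected | mitigated | vulnerable | unknown
classify_vmscape_status() {
    case "$1" in
        "Not affected"*)     echo "not_affected" ;;
        "Mitigation: IBPB"*) echo "mitigated" ;;   # covers "IBPB before exit to userspace"
        "Vulnerable"*)       echo "vulnerable" ;;
        *)                   echo "unknown" ;;
    esac
}

# vmscape_disabled_on_cmdline CMDLINE_STRING
# Prints "yes" if the boot parameters turn the mitigation off, else "no".
# mitigations=off disables all CPU mitigations; vmscape=off is assumed to be
# the mitigation-specific switch added by the patches.
vmscape_disabled_on_cmdline() {
    case " $1 " in
        *" mitigations=off "*|*" vmscape=off "*) echo "yes" ;;
        *)                                       echo "no" ;;
    esac
}

# check_host_vmscape: read the live sysfs entry. A kernel that predates the
# patches has no entry at all, which we report as "missing" (i.e. unpatched).
check_host_vmscape() {
    if [ -r "$VMSCAPE_SYSFS" ]; then
        classify_vmscape_status "$(cat "$VMSCAPE_SYSFS")"
    else
        echo "missing"
    fi
}

# Stand-alone run: print the host verdict and whether boot args disabled it.
printf 'vmscape sysfs status : %s\n' "$(check_host_vmscape)"
if [ -r /proc/cmdline ]; then
    printf 'disabled on cmdline  : %s\n' "$(vmscape_disabled_on_cmdline "$(cat /proc/cmdline)")"
fi
```

A result of `missing` or `vulnerable`, or `yes` for the command-line check, means the first item in the list above has not taken effect on that host.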