New VMScape Spectre-BTI Attack Targets Isolation Flaws in AMD and Intel CPUs
Cybersecurity researchers at ETH Zurich have disclosed a critical new Spectre-based attack called VMSCAPE that exploits incomplete branch predictor isolation between guest and host in virtualized cloud environments.
The attack, tracked as CVE-2025-40300, affects multiple generations of AMD and Intel processors and enables malicious virtual machines to steal sensitive data from hypervisor processes.
Attack Methodology and Impact
VMSCAPE is the first practical Spectre Branch Target Injection (BTI) attack in which a malicious guest VM leaks arbitrary memory from an unmodified hypervisor; no changes to the host software are required.
The attack targets the widely used KVM/QEMU virtualization stack and shows how an attacker confined to a guest can extract cryptographic keys and other sensitive infrastructure secrets from the host.
On AMD Zen 4 processors the researchers achieved a leakage rate of 32 bytes per second and recovered the hypervisor's disk-encryption key in approximately 18 minutes.
The complete attack chain, including initial reconnaissance and locating the secret in hypervisor memory, takes about 1,092 seconds end to end.
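The check a host operator wants after reading the above is whether the kernel believes the guest-to-host branch predictor gap VMSCAPE relies on is closed. The following POSIX shell script is an added example, not code from the gbhackers story or from the ETH Zurich researchers. It assumes two things the page does not state: that a Linux kernel carrying the CVE-2025-40300 mitigation reports its status in /sys/devices/system/cpu/vulnerabilities/vmscape next to the long-standing spectre_v2 entry, and that a kernel with no such file predates the mitigation, so a CPU that still needs a spectre_v2 mitigation is treated as exposed. The sysfs directory is a parameter so the logic can be exercised against a constructed copy without root or a particular kernel.

```shell
#!/bin/sh
# Added example, not code from the gbhackers article or from the ETH Zurich
# VMSCAPE researchers. Reports whether this Linux host is, by the kernel's own
# account, exposed to guest-to-host Spectre-BTI of the kind VMSCAPE uses.
#
# Assumptions not stated on the page:
#   - a kernel carrying the CVE-2025-40300 mitigation exposes its status at
#     /sys/devices/system/cpu/vulnerabilities/vmscape, beside spectre_v2;
#   - a kernel without that file predates the mitigation, so a CPU that needs
#     a spectre_v2 mitigation at all is treated as exposed.
# The sysfs directory is a parameter so the logic can run against a constructed
# copy without root or a particular kernel (see vmscape_demo).

VULN_DIR_DEFAULT=/sys/devices/system/cpu/vulnerabilities

# classify_entry FILE
# Prints one token: missing | not-affected | mitigated | vulnerable | unknown.
# Kernel strings start with "Not affected", "Mitigation: ..." or "Vulnerable...".
classify_entry() {
    f=$1
    [ -r "$f" ] || { echo missing; return 0; }
    status=$(cat "$f")
    case $status in
        "Not affected"*) echo not-affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# vmscape_report [DIR]
# Prints both classifications and a verdict line. Verdict tokens:
#   host-protected : vmscape is mitigated or "Not affected"
#   host-exposed   : vmscape is vulnerable, or the file is missing on a CPU
#                    that still needs a spectre_v2 mitigation
#   unknown        : a status string the classifier does not recognise
vmscape_report() {
    dir=${1:-$VULN_DIR_DEFAULT}
    v2=$(classify_entry "$dir/spectre_v2")
    vs=$(classify_entry "$dir/vmscape")
    echo "spectre_v2: $v2"
    echo "vmscape:    $vs"
    case $vs in
        mitigated|not-affected) echo "verdict: host-protected" ;;
        vulnerable)             echo "verdict: host-exposed" ;;
        missing)
            if [ "$v2" = not-affected ]; then
                echo "verdict: host-protected"
            else
                echo "verdict: host-exposed (no vmscape entry: kernel lacks the mitigation)"
            fi ;;
        *)                      echo "verdict: unknown" ;;
    esac
}

# vmscape_verdict [DIR]
# Just the verdict token, for use from other scripts or tests.
vmscape_verdict() {
    vmscape_report "${1:-}" | sed -n 's/^verdict: \([a-z-]*\).*/\1/p'
}

# vmscape_demo
# Builds a constructed sysfs-like directory (sample strings, not captured from
# a real host) and runs the report against three states.
vmscape_demo() {
    tmp=$(mktemp -d) || return 1
    printf 'Mitigation: Enhanced / Automatic IBRS\n' > "$tmp/spectre_v2"
    printf 'Mitigation: IBPB on VMEXIT\n' > "$tmp/vmscape"
    echo "-- patched kernel, mitigation active"; vmscape_report "$tmp"
    printf 'Vulnerable\n' > "$tmp/vmscape"
    echo "-- patched kernel, mitigation disabled"; vmscape_report "$tmp"
    rm -f "$tmp/vmscape"
    echo "-- kernel without the vmscape entry"; vmscape_report "$tmp"
    rm -rf "$tmp"
}

case ${1:-} in
    --demo) vmscape_demo ;;
    *)      vmscape_report "${1:-}" ;;
esac
```

Run it with no arguments on the hypervisor host (sysfs vulnerability files are world-readable, so root is not needed), or with `--demo` to see the three constructed states. A "host-protected" verdict reflects only what the kernel reports about its own mitigation; it says nothing about microcode level, and from inside a guest it tells you nothing about the cloud provider's host, which is where the fix for this attack has to live.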
The ...
Copyright of this story solely belongs to gbhackers.