VMScape: Academics Break Cloud Isolation With New Spectre Attack
securityweek
A group of academic researchers from ETH Zurich have devised a new attack that breaks existing virtualization isolation to leak arbitrary memory and expose cryptographic keys.
The researchers found weaknesses in domain isolation in virtualized environments, showing that the host-guest boundary is not sufficiently isolated and that sensitive information can leak across it on several microarchitectures.
Their proof-of-concept (PoC) exploit, called VMScape, is a Spectre branch target injection (Spectre-BTI) attack aimed at cloud environments; it works against all AMD Zen CPUs as well as older Intel CPUs.
Virtual machines (VMs) are the main mechanism for securely isolating workloads in the cloud, but Spectre attacks such as Spectre-BTI can compromise that isolation because the branch predictor state inside the CPU is shared across the host-guest boundary.
To reduce the attack surface, CPU vendors have extended their speculative-execution mitigations to cover branch predictor state, but gaps in those mitigations enable attack scenarios such ...