🚨 New VMScape Spectre-BTI Attack Exploits Isolation Gaps in AMD and Intel CPUs | Read more: https://lnkd.in/gAkxGjt2

A novel speculative execution attack named VMScape allows a malicious virtual machine (VM) to breach its security boundaries and steal sensitive data, such as cryptographic keys, directly from its host system. The vulnerability, identified as CVE-2025-40300, affects a wide range of modern processors, including all current generations of AMD Zen (1 through 5) and Intel's Coffee Lake CPUs. VMScape's success hinges on the discovery of incomplete isolation within the CPU's Branch Prediction Unit (BPU).

#cybersecuritynews #vulnerability
Another side-channel attack.
Attackers can exfiltrate sensitive details by exploiting this vulnerability.
The new VMScape vulnerability shows how a guest VM can exploit branch prediction poisoning to attack the host—bypassing isolation and compromising the hypervisor. As someone exploring CHERI (Capability Hardware Enhanced RISC Instructions) I’ve been reflecting: Can CHERI help mitigate attacks like VMScape?

Yes, in key areas:
* Pointer integrity & memory safety - CHERI enforces bounds and permissions on memory access.
* Compartmentalisation - Enables least-privilege isolation of hypervisor components.
* Safer tooling - CHERI LLVM and CheriBSD reduce exposure to exploitation.

But not everything is solved:
* CHERI doesn’t control speculative execution—CPU-level fixes (e.g. IBPB/IBRS) are still needed.
* Side-channel leaks (cache/timing) remain unless explicitly mitigated.
* Hypervisor transitions must be carefully hardened.

CHERI isn’t a silver bullet - it’s a foundational layer for building more secure systems. I’ll continue advocating for capability-based security as part of a modern, layered defence.

#CHERI #CyberSecurity #VMScape #TrustedComputing #SecureByDesign #MemorySafety #CHERIAmbassador CHERI Alliance
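The comment above notes that CPU-level fixes such as IBPB/IBRS are still required. The following is an added example (not from the post or any commenter) of how a host administrator can check what a Linux KVM host reports about those mitigations: it parses the one-line status files under /sys/devices/system/cpu/vulnerabilities/. It assumes that kernels carrying the CVE-2025-40300 fix expose a separate `vmscape` entry (an assumption; older kernels only carry `spectre_v2`), and the sample file contents are constructed, not captured from a real machine.

```python
from pathlib import Path

# Linux exposes one status line per hardware issue under this directory.
SYSFS_VULN_DIR = Path("/sys/devices/system/cpu/vulnerabilities")


def classify(status: str) -> str:
    """Map one sysfs status line to a coarse verdict."""
    s = status.strip()
    if s.startswith("Not affected"):
        return "not_affected"
    if s.startswith("Mitigation:"):
        return "mitigated"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    return "unknown"


def assess(entries: dict) -> dict:
    """entries maps sysfs file name -> contents, so it also runs on captured data."""
    verdict = {}
    # 'vmscape' entry: assumed present only on kernels carrying the CVE-2025-40300 fix.
    verdict["vmscape"] = classify(entries["vmscape"]) if "vmscape" in entries else "no_entry"
    spectre = entries.get("spectre_v2", "")
    verdict["spectre_v2"] = classify(spectre)
    # IBPB listed under spectre_v2 is the generic barrier; it does not by itself
    # prove that a barrier is issued on the guest-to-host (VM exit) path.
    verdict["ibpb_listed"] = "IBPB" in spectre
    return verdict


def host_is_covered(entries: dict) -> bool:
    """True only when the kernel explicitly reports the VMScape issue as handled."""
    return assess(entries)["vmscape"] in ("mitigated", "not_affected")


def read_sysfs(directory: Path = SYSFS_VULN_DIR) -> dict:
    """Read the live sysfs directory; empty dict on non-Linux or old kernels."""
    if not directory.is_dir():
        return {}
    return {p.name: p.read_text() for p in directory.iterdir() if p.is_file()}


# Constructed sample contents (not real kernel output) for offline use.
SAMPLE_PATCHED = {
    "vmscape": "Mitigation: IBPB before exit to userspace\n",
    "spectre_v2": "Mitigation: Retpolines; IBPB: conditional; IBRS_FW; RSB filling\n",
}
SAMPLE_OLD_KERNEL = {"spectre_v2": "Mitigation: Retpolines; IBPB: conditional; RSB filling\n"}

if __name__ == "__main__":
    live = read_sysfs()
    print(assess(live) if live else "no sysfs vulnerability directory on this system")
```

A `no_entry` verdict means the kernel is too old to know about the issue, so it should be treated as unpatched rather than as safe.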
Congrats, and I hope you keep on moving.
It really looks like a sophisticated and unpredictable vulnerability with cross-layer scope!