Researchers from ETH Zurich (the Swiss Federal Institute of Technology) have presented a new attack called VMSCAPE. It bypasses the existing mitigations against Spectre-BTI (Branch Target Injection) to break the isolation between a virtual machine and the hypervisor components that run in host user space, such as the QEMU process of a Qemu-KVM setup: branch-predictor state trained inside the guest is not flushed before the hypervisor's user-space process runs again, so branch targets planted by the guest steer speculative execution in that process. The attack lets a guest read the memory of these components without leaving the guest.
The memory of these user-space hypervisor components can hold secrets, for example the keys used to decrypt encrypted disk images. An attacker who obtains them could in turn extract confidential data belonging to the guest kernel and to other guests on the same host, compromising a cloud provider's infrastructure. The researchers built a proof-of-concept exploit in which a KVM guest extracts disk-encryption key material from the Virtio-based component of the host-side QEMU process running in user space. On a system with an AMD Zen 4 CPU, the leak rate from the QEMU process was measured at 32 bytes per second.

Like the original Spectre v2, VMSCAPE belongs to the Spectre-BTI (Branch Target Injection) class of attacks.
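For a host operator, the practical question is whether the running kernel already carries a mitigation for this attack. The following POSIX shell script is an added example, not code from the ETH Zurich researchers or from the Linux or QEMU projects. It assumes that a patched kernel reports its VMSCAPE status in a `vmscape` entry under `/sys/devices/system/cpu/vulnerabilities/`, alongside the other Spectre-class entries, using the usual `Not affected` / `Mitigation: ...` / `Vulnerable` wording; neither the path nor those strings appear on this page. An unpatched kernel has no such file at all, which the script reports as `missing` rather than treating it as safe.

```shell
#!/bin/sh
# Added example for checking a KVM host's VMSCAPE mitigation status.
# ASSUMPTION: a kernel with the fix exposes the status at the sysfs path
# below (not stated in the article). Kernels without the fix lack the file.
VMSCAPE_SYSFS="/sys/devices/system/cpu/vulnerabilities/vmscape"

# classify_vmscape STATUS_LINE
# Maps the raw sysfs text to one word: missing, unaffected, mitigated,
# vulnerable or unknown. An empty string means the file was not present.
classify_vmscape() {
    case "$1" in
        "")              echo missing ;;
        "Not affected")  echo unaffected ;;
        Mitigation:*)    echo mitigated ;;
        Vulnerable*)     echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# read_vmscape_status [FILE]
# Prints the status line from FILE (default: the sysfs entry), or nothing
# if the file is absent or unreadable, so an old kernel yields "missing".
read_vmscape_status() {
    f="${1:-$VMSCAPE_SYSFS}"
    if [ -r "$f" ]; then
        cat "$f"
    fi
}

# host_vmscape_state [FILE]
# Convenience wrapper: read the status and classify it in one call.
host_vmscape_state() {
    classify_vmscape "$(read_vmscape_status "$1")"
}

# Report the state of the host this script runs on. "missing" on a KVM host
# means the kernel predates the fix and should be treated as vulnerable.
state="$(host_vmscape_state)"
echo "vmscape: $state ($(read_vmscape_status))"
```

Run it on the host, not inside a guest: the entry describes whether the hypervisor kernel flushes predictor state before returning to its user-space components, which is exactly the boundary VMSCAPE crosses. A result of `missing` on a machine that runs untrusted guests deserves the same response as `vulnerable`.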