{"uuid": "3756b446-7bab-4eab-a5ca-ec62464b4154", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2025-40300", "type": "seen", "source": "https://t.me/InfraArtists/192", "content": "\u062e\u0628 \u0645\u0628\u0627\u0631\u06a9\u0647 \n\nA team of researchers at ETH Zurich public university in Switzerland, have developed a new attack that breaks the isolation between VMs and the cloud hypervisor, bypassing existing Spectre mitigations and threatening to leak sensitive data by leveraging speculative execution.\n\nhttps://comsec.ethz.ch/research/microarch/vmscape-exposing-and-exploiting-incomplete-branch-predictor-isolation-in-cloud-environments/\n\nThe exploit, called VMScape, exploits insufficient branch predictor isolation between a guest and a userspace hypervisor (like QEMU) allowing a malicious KVM guest to leak sensitive information such as encryption/decryption keys.\n\nThe attack affects all AMD processors from Zen 1 to Zen 5, as well as Intel\u2019s \u201cCoffee Lake\u201d and older CPUs. The newer \u201cRaptor Cove\u201d and \u201cGracemont\u201d are not impacted.\n\nAffected versions\n\nIn the Linux kernel, vulnerability has been resolved in 6.16.7-1\n\nDebian: affected not yet patched\nhttps://security-tracker.debian.org/tracker/CVE-2025-40300\nRed Hat: affected not yet patched \nhttps://access.redhat.com/security/cve/cve-2025-40300\nUbuntu: affected, fix not yet available \nProxmox fixed in:\nPackage proxmox-kernel-6.14.11-2-pve-signed in version 6.14.11-2\nPackage proxmox-kernel-6.14.8-3-bpo12-pve-signed in version 6.14.8-3~bpo12+1\nPackage proxmox-kernel-6.8.12-15-pve-signed in version 6.8.12-15", "creation_timestamp": "2026-07-17T00:00:48.916420Z"}