comsec-group/vmscape

VMScape: Exposing and Exploiting Incomplete Branch Predictor Isolation in Cloud Environments

This repository contains all artefacts for our research paper "VMScape: Exposing and Exploiting Incomplete Branch Predictor Isolation in Cloud Environments". It contains all resources necessary to reproduce and further explore our work.

VMScape (CVE-2025-40300) brings Spectre branch target injection (Spectre-BTI) to the cloud, revealing a critical gap in how branch predictor states are isolated in virtualized environments. Our systematic analysis of protection-domain isolation shows that current mechanisms are too coarse-grained: On all AMD Zen CPUs, including the latest Zen 5, the branch predictor cannot distinguish between host and guest execution, enabling practical cross-virtualization BTI (vBTI) attack primitives. Although Intel's recent CPUs offer better isolation, gaps still exist.

Note

This repository is still work-in-progress. More information, helper scripts and instructions will be added over the next few days.

Authors: Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, Kaveh Razavi
Organization: ETH Zürich, COMSEC Group
Published at: 47th IEEE Symposium on Security and Privacy
Webpage: https://comsec.ethz.ch/vmscape
Paper: https://comsec-files.ethz.ch/papers/vmscape_sp26.pdf

Overview

Important

All work was conducted on Ubuntu 24.04, and functionality has only been verified on this version.

Our artefacts are structured as follows:

  • e2e Exploit VMScape: The end-to-end exploit leaking QEMU secrets on Zen 4 and Zen 5, as described in §8 of our paper.

  • vBTI Analysis: The systematic analysis testing domain isolation in virtualised environments, as described in §5 of our paper.

  • Benchmarks: Our scripts to benchmark the mitigations, as described in §9.2 of our paper.

  • uARF: Our custom reverse-engineering and exploitation library.

Citing our Paper

Please use the following BibTeX entry to cite our work:

@inproceedings{graf_vmscape_2026,
 title = {{VMScape: Exposing and Exploiting Incomplete Branch Predictor Isolation in Cloud Environments}},
 author = {Graf, Jean-Claude and Rüegge, Sandro and Hajiabadi, Ali and Razavi, Kaveh},
 booktitle = {Proceedings of the 2026 IEEE Symposium on Security and Privacy (SP)},
 year = {2026},
 month = may,
}