IntelとAMDのCPUの新たな脆弱性VMScope (CVE-2025-40300)について。チューリッヒ工科大学の研究。マイクロアーキテクチャ上の欠陥で、Spectre-BTIの新種。近隣仮想マシンに干渉できるVMエスケープの脆弱性。Coffee LakeとZen第1-5世代に影響。 securityonline.info/vmscape-…

ETHチューリッヒの研究者らは、IntelやAMD CPUの分岐予測器に残る状態を悪用し、仮想マシンの隔離を突破する「VMScope」攻撃を実証した。これにより悪意あるゲストVMがハイパーバイザーのメモリを直接盗み見でき、暗号鍵や顧客データが流出する恐れがある。 研究チームは「VMSCAPE」と名付けたSpectre-BTI系の攻撃手法を開発し、AMD Zen 4環境でQEMUプロセスから任意のメモリを1秒あたり32バイト抽出できることを示した。従来のSpectre攻撃は非現実的な前提を必要としたが、VMSCAPEは既存ソフトに改変を加えず成立する初の実用的なVMエスケープである。対象はAMD Zen 1〜5とIntel Coffee Lakeで、クラウド隔離モデルを根本から揺るがす。 LinuxカーネルではIBPB-on-VMEXIT（ゲストからホストへ切り替わる際に分岐予測器をフラッシュする手法）が緩和策として導入され、性能への影響は限定的とされる。研究者らは「既存のハードウェア対策があっても依然として攻撃可能である」と強調している。 securityonline.info/vmscape-…

Yes thats true, but that'll only cause problems when you launch a coroutine in vmscope, without specifying any dispatcher. Inject dispatchers and dont forget to use them with every coroutine being launched. This is what you meant, right? @CatalinGhita4

hesgoal but the thing dey lag rn

Oh my, what happened exactly ??

Excellent event. Thank you for the invitation. Great to see so much innovation across the field!

“Illustrating State-of-the-Art #AI #Applications” is now live at #EMPAIAAcademy: industry presentations by: @aiforia_tech @AIgnostics @asgen_ai @ContextVision @hsanalysis @IbexMedAx @Indica_Labs #MindPeak @paige_ai @RocheDia @Visiopharm @VMscope #EMPAIA #Pathology

Had one recently and had several in the past. This happens generally when I am the only interviewer, though some have been bold enough to say it with more people in the room. My fav low-key way is "When should I expect my interviewer to come?" when I step into the room.

Watch "State-of-the-Art #AI Applications" at #EMPAIAAcademy on Sept. 22nd Short industry presentations by: @aiforia_tech @AIgnostics @asgen_ai @ContextVision @hsanalysis @IbexMedAx @Indica_Labs #MindPeak @paige_ai @Roche @Visiopharm #VMscope #pathology #digitalpathology #cpath

Bruh. The game was over before I got in.

Watch this bro x.com/madrid_issa10/status/1…

He's a good finisher and his heading is on point

No, there are enough developers in Australia at the moment so there wouldn’t be need for that. We will find them locally without too much hassle.

This fits perfect

IT WAS HER DECISION SO RESPECT HER DECISION #COYS

Yesss it’s on my list

Fulani Bandits attacking Hausa communities... ...reason for the lethargic response from Buhari's government.

Then why start what he can't finish In a bid to sound politically correct, people just ending up defending rubbish

Focus on trains by using $600k to launch an airline logo 5 years before you need it. ✌🏾

Rail on wrong ruites that can't even generate money to run it talk more of paying back loans used to build it? Must be nice