A seven-year-old transient execution vulnerability dubbed "L1TF Reloaded" is to blame.
Data from public cloud systems, such as Google Cloud and Amazon Web Services, could be leaked in an attack involving a seven-year-old transient execution vulnerability dubbed "L1TF Reloaded."
CyberScoop reports that only non-sensitive host data was exposed by AWS, according to researchers at the WHY2025 conference.
"For regular users, these CPU vulnerabilities are likely not that much of a threat," said researchers. "However, that is not the case for public cloud providers. Their business model is to provide remote code execution as a service [emphasis theirs], and to rent out shared hardware resources as efficiently as possible."
Amazon has since noted that AWS Nitro System or Nitro Hypervisor users had no guest data impacted by the intrusion, while Google has emphasised immediate adoption of risk mitigations. "We applied new fixes to the affected assets, including Google Cloud, to mitigate the issue," said a Google spokesperson.
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.