Modern processors are powerful but complex, often exposing subtle security risks. This session explores CVE-2025-21533, a vulnerability in Oracle VM VirtualBox (prior to versions 7.0.24 and 7.1.6) caused by a speculative store bypass. Similar to Meltdown and Spectre, it allows a low-privileged local attacker to exploit speculative execution and cache-based side channels to access sensitive data within virtualized environments. The flaw affects core virtualization components and highlights risks in processor design and isolation mechanisms. Responsibly disclosed and under review, this case underscores the need for stronger security in virtualization platforms and proactive vulnerability research.

In this session, you will learn:

• Risks of speculative execution in modern CPUs;
• Side-channel attacks in virtualized environments;
• Improving security in core virtualization systems.