December 30, 2025
It’s raining leaks in the cloud
L1TF Reloaded
Old chip flaw lets cloud neighbors peek — panic, memes, and finger‑pointing
TLDR: Researchers combined old CPU flaws to show one cloud VM could grab a neighbor’s secret key; vendors say the specific trick is now patched. Commenters are split between “shared cloud is never safe” and “keep calm, update kernels,” with memes mocking performance hits and security theater.
The internet’s popcorn is out after researchers dropped “L1TF Reloaded,” a stunt that shows one renter on a shared cloud server can peek at a neighbor’s secrets using years‑old CPU bugs. Their proof‑of‑concept allegedly pulled a private web key from another virtual machine on Google Cloud — cue gasps, eye‑rolls, and a thousand “I told you so’s.” A fiery thread split fast: one camp shouts, “Shared cloud is never truly isolated,” while others insist this is academic theater because KVM has been patched and newer Linux kernels block this exact trick. AWS hurried out a “we’re covered” post, Google co‑blogged the research, and skeptics called it “PR speedrunning” rather than a real‑world meltdown.
For the normies: this is about old chip glitches (Spectre‑style “peek at what you shouldn’t see”) getting combined in a fresh way. The community drama is peak 2025. Cloud doomers want dedicated servers “like it’s 2009,” pragmatists say risk is low if you’re up to date, and cost hawks groan that blanket defenses slow things down and raise bills. Memes flew: “It’s not a leak, it’s a drizzle,” “Half‑Spectre is Diet Spectre,” and someone posted a bingo card of kernel versions like trading cards. The spiciest question: did the demo touch real customer data? Fans point to the researchers’ coordinated disclosure and patches; cynics just mutter, “Trust, but verify.” Links: paper, project page, Google post, AWS post
Key Points
- •Rain released “L1TF Reloaded,” an exploit combining L1TF and (Half-)Spectre to leak data across VMs and hosts.
- •The exploit was demonstrated on AWS and Google GCE, including leaking an Nginx VM’s private TLS key.
- •Common mitigations like L1d flushing and core scheduling can be bypassed by this combined approach.
- •KVM has patched the specific gadgets used; only kernel releases before 5.4.298, 5.10.242, 5.15.191, 6.1.150, 6.6.104, 6.12.45, or 6.16.5 are vulnerable to this specific attack.
- •Reproduction materials and instructions are provided for GCE and a local Intel Skylake server, and broader mitigations are recommended.