The Rain research project shows how a malicious virtual machine can abuse transient execution vulnerabilities to leak data from the host, as well as from other virtual machines. This repository contains the research artifact: the L1TF Reloaded exploit and instructions on how to reproduce our results. It also includes the CPU/mitigation profiling code and the noise generation workloads.
For details, we refer you to:
- Paper S&P'26: "Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities"
- Project page: "Rain: Cloud Leakage via Hardware Vulnerabilities"
- Disclosure to Google & AWS: "Vulnerability Disclosure Report: L1TF Reloaded"
- Blog Google & us: "Project Rain: L1TF"
- Blog AWS: "Amazon EC2 defenses against L1TF Reloaded"
- Public disclosure WHY2025: "Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities"
- Talk Hardware.io NL 2025: "Real-World Exploitation of Transient Execution Vulnerabilities to Leak Private Data from Public Clouds"
Our end-to-end exploit, called "L1TF Reloaded", abuses two long-known transient execution vulnerabilities: L1TF and (Half-)Spectre. By combining them, commonly deployed software-based mitigations against L1TF, such as L1d flushing and core scheduling, can be circumvented.
We have launched our exploit against the production clouds of both AWS and Google. Below is a (fast-forwarded) recording of our exploit running within a VM on GCE. The exploit, at runtime, finds another VM on the same physical host, detects that it is running an Nginx webserver, and leaks its private TLS key.
This repository is structured as follows:
- deps: exploit dependencies
- include: exploit header files
- noise: noise workloads
- profile: CPU and mitigation profiling
- scripts: utility scripts
- setup: reproduction resources
- src: exploit source code
We provide detailed reproduction instructions for:
The specific gadgets that we leverage have been patched in KVM. On Intel CPUs that are affected by L1TF, only stable kernel releases before 5.4.298, 5.10.242, 5.15.191, 6.1.150, 6.6.104, 6.12.45 or 6.16.5 are vulnerable to this specific attack. The underlying issue is still there, but a different half-Spectre gadget is necessary to exploit L1TF Reloaded on up-to-date production systems. As discussed in our paper, we recommend deploying additional blanket mitigations against L1TF Reloaded's attack strategy, as well as other microarchitectural attacks in general.
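As an added defender-side check (not part of the Rain artifact), the script below compares a running kernel's version against the stable releases listed above and reads the kernel's own L1TF status from sysfs. It assumes the version string follows the upstream `major.minor.patch` scheme; distribution kernels that backport the KVM fix without bumping the patch level must be checked against the distro changelog instead, so the check answers "unknown" for branches it cannot classify.

```python
# Added example: is this kernel before the stable release that removed the
# half-Spectre gadgets used by L1TF Reloaded? (Branch table taken from the README.)
import platform
import re
from pathlib import Path

FIXED_RELEASES = {
    (5, 4): (5, 4, 298),
    (5, 10): (5, 10, 242),
    (5, 15): (5, 15, 191),
    (6, 1): (6, 1, 150),
    (6, 6): (6, 6, 104),
    (6, 12): (6, 12, 45),
    (6, 16): (6, 16, 5),
}

L1TF_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/l1tf")


def parse_release(release: str):
    """Extract (major, minor, patch) from a uname -r string such as '6.1.0-25-amd64'."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def gadget_patched(release: str):
    """True if the version is at/past the fix for its stable branch, False if before it.
    None for branches not in the table (older EOL branches, vendor kernels): the
    version number alone cannot classify those, consult the distro changelog."""
    major, minor, patch = parse_release(release)
    fixed = FIXED_RELEASES.get((major, minor))
    if fixed is None:
        return None
    return (major, minor, patch) >= fixed


def read_l1tf_status(path: Path = L1TF_SYSFS):
    """Return the kernel's L1TF status line (e.g. 'Mitigation: PTE Inversion; VMX: ...')
    or None on systems without that sysfs entry."""
    try:
        return path.read_text().strip()
    except OSError:
        return None


if __name__ == "__main__":
    rel = platform.release()
    verdict = {True: "patched", False: "VULNERABLE (pre-fix stable release)", None: "unknown"}
    print(f"kernel {rel}: KVM gadget fix {verdict[gadget_patched(rel)]}")
    print(f"sysfs l1tf: {read_l1tf_status() or 'not available'}")
```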