Published October 16, 2025
| Version v1
Software
Open
Artifact of "Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities"
Contributors
Researcher (4):
Supervisor (3):
-
1.
Vrije Universiteit Amsterdam
-
2.
University of Birmingham
Description
The Rain research project shows how a malicious virtual machine can abuse transient execution vulnerabilities to leak data from the host, as well as from other virtual machines. This repository contains the research artifact: the L1TF Reloaded exploit and instructions on how to reproduce our results. It also includes the CPU/mitigation profiling code and the noise generation workloads.
For details, we refer you to:
- Paper S&P'26: "Rain: Transiently Leaking Data from Public Clouds Using Old Vulnerabilities"
- Project page: "Rain: Cloud Leakage via Hardware Vulnerabilities"
- Disclosure to Google & AWS: "Vulnerability Disclosure Report: L1TF Reloaded"
- Blog Google & us: "Project Rain:L1TF"
- Blog AWS: "Amazon EC2 defenses against L1TF Reloaded"
- Public disclosure WHY2025: "Spectre in the real world: Leaking your private data from the cloud with CPU vulnerabilities"
- Talk Hardware.io NL 2025: "Real-World Exploitation of Transient Execution Vulnerabilities to Leak Private Data from Public Clouds"
Files
rain.zip
Files
(1.9 MB)
| Name | Size | Download all |
|---|---|---|
|
md5:facabe90d6b3269bf219379dc6afc733
|
1.9 MB | Preview Download |
Additional details
Software
- Repository URL
- https://github.com/vusec/rain
- Programming language
- C
- Development Status
- Concept