CPU information such as in /sys/devices/cpu/.
OK, but CPU information, specifically, is the special case I already mentioned knowing about.
I’m pretty sure that, by default, VirtualBox sets the CPU type identifier inside of the VM to match the CPU type outside of the VM (even if that creates a nonsensical configuration, like a combination of core type and core count that doesn’t correspond to any processor you can actually buy). I definitely know that KVM does that by default.
But you can also configure the hypervisor to try to emulate a specific CPU of your choice, at which point /sys/devices/cpu (and /proc/cpuinfo) should reflect what you told the hypervisor to emulate, rather than the actual hardware. And the hypervisor will at least try to emulate the right instruction set, too (otherwise tons of user programs would bomb). It still can’t do anything about weird timing and errata attacks, but it should keep the contents of /sys from just giving the CPU type away for free.
Do you know of anything that passes through an actual serial number? That’s where things would really get nasty.
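Added example, not part of the original comment: a small Python check you can run inside a guest to see which CPU identity fields /proc/cpuinfo actually exposes, so you can confirm whether the hypervisor's CPU model setting took effect. The sample texts and the helper names (`_sample`, `parse_cpuinfo`, `exposed_identity`) are constructed for illustration.

```python
from pathlib import Path


def _sample(vendor, model, count):
    """Build constructed /proc/cpuinfo text (not captured from a real machine)."""
    stanza = ("processor\t: {n}\nvendor_id\t: {v}\nmodel name\t: {m}\n"
              "flags\t\t: fpu sse2 hypervisor\n")
    return "\n".join(stanza.format(n=n, v=vendor, m=model) for n in range(count))


# Constructed guests: one mirroring the host CPU model, one given a generic model.
HOST_MODEL_GUEST = _sample("GenuineIntel", "Intel(R) Core(TM) i7-8700K CPU @ 3.70GHz", 3)
GENERIC_MODEL_GUEST = _sample("AuthenticAMD", "QEMU Virtual CPU version 2.5+", 2)


def parse_cpuinfo(text):
    """Return one dict per logical-CPU stanza of /proc/cpuinfo text."""
    cpus = []
    for stanza in text.strip().split("\n\n"):
        fields = {}
        for line in stanza.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if fields:
            cpus.append(fields)
    return cpus


def exposed_identity(text):
    """Summarise the CPU identity a process inside the guest can read for free."""
    cpus = parse_cpuinfo(text)
    flags = set()
    for cpu in cpus:
        flags.update(cpu.get("flags", "").split())
    return {
        "logical_cpus": len(cpus),
        "vendors": sorted({c.get("vendor_id", "?") for c in cpus}),
        "models": sorted({c.get("model name", "?") for c in cpus}),
        # On x86 Linux this flag appears when CPUID reports a hypervisor.
        "hypervisor_flag": "hypervisor" in flags,
    }


if __name__ == "__main__":
    path = Path("/proc/cpuinfo")
    text = path.read_text() if path.exists() else HOST_MODEL_GUEST
    print(exposed_identity(text))
```

If `models` still shows the host's real part name after you pick a specific CPU model in the hypervisor, the setting is not being applied to that guest.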