CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

by

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

November 14, 2023 at 02:27PM

Researchers from the CISPA Helmholtz Center for Information Security have discovered a new software fault attack called CacheWarp that targets AMD’s Secure Encrypted Virtualization (SEV) technology. The attack exploits a vulnerability in SEV to infiltrate encrypted virtual machines and achieve privilege escalation. AMD has released a microcode update to address the issue. The researchers note that this attack breaks the integrity protections claimed by AMD’s SEV-SNP. Earlier this year, the same researchers revealed a power side-channel attack affecting Intel, AMD, and Arm CPUs.

Key Takeaways from Meeting Notes:

– A group of academics has discovered a new software fault attack on AMD’s Secure Encrypted Virtualization (SEV) technology, known as CacheWarp (CVE-2023-20592).
– CacheWarp is a potential threat that could be exploited by threat actors to infiltrate encrypted virtual machines (VMs) and perform privilege escalation.
– The attack impacts AMD CPUs supporting all variants of SEV.
– The vulnerability is related to the ‘INVD’ instruction, which allows an attacker to drop all modified content in the cache without writing them back to memory.
– The CacheWarp attack uses two primitives called “timewarp” and “dropforge” to bypass OpenSSH authentication and manipulate the logic flow of guest VMs, potentially granting unlimited access to the virtual machine.
– Successful exploitation of this vulnerability can allow an attacker to hijack the control flow of a program and seize control of the VM.
– AMD has released a microcode update to address the issue.
– Researchers from CISPA and Google Project Zero audited AMD’s TEE (SEV-SNP) and found that the attack breaks its integrity, despite AMD’s claims.
– Previously, CISPA researchers had also disclosed a software-based power side-channel attack, Collide+Power (CVE-2023-20583), targeting Intel, AMD, and Arm CPUs.

Please note that this is a summary of the meeting notes and not all the details and technical aspects of the reported vulnerabilities are included.

Full Article

By proceeding you understand and give your consent that your IP address and browser information might be processed by the security plugins installed on this site.
×