CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

November 14, 2023 at 02:27PM

Researchers from the CISPA Helmholtz Center for Information Security have discovered a new software fault attack called CacheWarp that targets AMD’s Secure Encrypted Virtualization (SEV) technology. The attack exploits a vulnerability in SEV to infiltrate encrypted virtual machines and achieve privilege escalation. AMD has released a microcode update to address the issue. The researchers note that this attack breaks the integrity protections claimed by AMD’s SEV-SNP. Earlier this year, the same researchers revealed a power side-channel attack affecting Intel, AMD, and Arm CPUs.

Key Takeaways from Meeting Notes:

– A group of academics has discovered a new software fault attack on AMD’s Secure Encrypted Virtualization (SEV) technology, known as CacheWarp (CVE-2023-20592).
– CacheWarp is a potential threat that could be exploited by threat actors to infiltrate encrypted virtual machines (VMs) and perform privilege escalation.
– The attack impacts AMD CPUs supporting all variants of SEV.
– The vulnerability is related to the ‘INVD’ instruction, which allows an attacker to drop all modified content in the cache without writing them back to memory.
– The CacheWarp attack uses two primitives called “timewarp” and “dropforge” to bypass OpenSSH authentication and manipulate the logic flow of guest VMs, potentially granting unlimited access to the virtual machine.
– Successful exploitation of this vulnerability can allow an attacker to hijack the control flow of a program and seize control of the VM.
– AMD has released a microcode update to address the issue.
– Researchers from CISPA and Google Project Zero audited AMD’s TEE (SEV-SNP) and found that the attack breaks its integrity, despite AMD’s claims.
– Previously, CISPA researchers had also disclosed a software-based power side-channel attack, Collide+Power (CVE-2023-20583), targeting Intel, AMD, and Arm CPUs.

Please note that this is a summary of the meeting notes and not all the details and technical aspects of the reported vulnerabilities are included.

Full Article