November 14, 2023 at 01:38PM
Researchers have discovered a flaw in AMD’s SEV trusted execution environment called CacheWarp that allows attackers to manipulate cache lines and memory, potentially leading to arbitrary code execution, data exposure, or privilege escalation within a guest VM. AMD has been notified of the vulnerability and plans to issue patches to mitigate the issue. AMD will provide further details in a bulletin on Tuesday.
Key takeaways from the meeting notes:
1. Researchers in Germany and Austria have discovered a flaw in AMD’s SEV trusted execution environment called CacheWarp.
2. CacheWarp is a software-based fault attack that targets AMD Secure Encrypted Virtualization (SEV), which separates virtual machines (VMs) from their hypervisor.
3. CacheWarp works by interfering with the mapping of virtual memory to physical memory, using the APIC timer to interrupt context switches between guest and host processes.
4. A successful CacheWarp attack could result in arbitrary code execution within a guest VM, exposure of sensitive data, or privilege escalation.
5. CacheWarp affects all versions of SEV, including SEV-ES and SEV-SNP.
6. The researchers have informed AMD of their findings, and AMD plans to release a microcode patch for SEV-SNP and an SEV firmware update for Zen 3 EPYC Milan CPUs.
7. The researchers suggest fixing CacheWarp at the hardware level by preventing the invd instruction from being used if AMD SEV is enabled.
8. AMD plans to publish more details in a bulletin on Tuesday.