New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs

November 14, 2023 at 03:34PM

CacheWarp, a new software-based fault injection attack, allows threat actors to hack into AMD SEV-protected virtual machines. The attack exploits vulnerabilities in AMD’s SEV-ES and SEV-SNP technologies, which are designed to protect against malicious hypervisors. Malicious actors can manipulate memory writes to escalate privileges and gain remote code execution. Security researchers have demonstrated attacks on RSA, OpenSSH, and privilege escalation on affected systems. AMD has issued a security advisory and released a microcode patch and updated firmware for customers using the 3rd generation EPYC processors with SEV-SNP enabled.

Key Takeaways:

1. A new software-based fault injection attack, called CacheWarp, allows threat actors to hack into AMD SEV-protected virtual machines.
2. CacheWarp exploits vulnerabilities in AMD’s Secure Encrypted Virtualization-Encrypted State (SEV-ES) and Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) technologies.
3. The underlying vulnerability, CVE-2023-20592, was discovered by security researchers from CISPA Helmholtz Center for Information Security, Graz University of Technology, and independent researcher Youheng Lue.
4. CacheWarp enables attackers to manipulate memory and alter the control flow of targeted programs.
5. Successful attacks can lead to hijacking authenticated sessions and escalating privileges.
6. The security researchers have published an academic paper and shared video demos of CacheWarp attacks.
7. AMD has issued a security advisory acknowledging the CacheWarp issue and its impact on SEV-ES and SEV-SNP guest virtual machine memory integrity.
8. CacheWarp affects 1st, 2nd, and 3rd generation AMD EPYC processors with SEV support.
9. There is no mitigation for 1st and 2nd generation EPYC processors due to the lack of protection functionality for guest VM memory. However, a hot-loadable microcode patch and updated firmware image are available for customers using 3rd generation EPYC processors with SEV-SNP enabled.