A recently discovered software-based fault injection attack named CacheWarp poses a threat to AMD SEV-protected virtual machines, potentially allowing unauthorized access, privilege escalation, and remote code execution.
Exploiting vulnerabilities in AMD’s SEV-ES and SEV-SNP technologies, designed to secure virtual machines against malicious hypervisors, CacheWarp manipulates memory writes to compromise VM integrity. Researchers from CISPA Helmholtz Center for Information Security and Graz University of Technology, along with independent researcher Youheng Lue, unveiled this security flaw (CVE-2023-20592). The attack’s implications include compromising RSA keys, unauthorized access to OpenSSH servers, and privilege escalation to root via the sudo binary. AMD has issued a security advisory, acknowledging the issue’s impact on SEV-ES and SEV-SNP guest VM memory integrity in certain processors.
While no mitigation is available for earlier EPYC processors, a hot-loadable microcode patch and firmware update have been released for 3rd generation EPYC processors with SEV-SNP enabled.
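The mitigation split above lends itself to a fleet triage check. The following is an added example, not code from the article or from AMD: it sorts a host's `/proc/cpuinfo` into the cases the article distinguishes. The family/model-to-generation table, the verdict labels and the sample stanzas are assumptions constructed for illustration, and the `sev_es`/`sev_snp` flags only show what the kernel advertises, not whether any guest uses it.

```python
# Map (CPU family, model range) to EPYC generation. Assumption: values follow
# the usual /proc/cpuinfo numbering for Naples, Rome and Milan; not from the page.
EPYC_GEN = [
    (0x17, range(0x00, 0x10), 1),  # 1st gen
    (0x17, range(0x30, 0x40), 2),  # 2nd gen
    (0x19, range(0x00, 0x10), 3),  # 3rd gen
]

def parse_cpuinfo(text):
    """Return the key/value fields of the first processor stanza."""
    info = {}
    for line in text.strip().split("\n\n")[0].splitlines():
        key, sep, value = line.partition(":")
        if sep:
            info[key.strip()] = value.strip()
    return info

def triage(text):
    """Classify a host for CVE-2023-20592 follow-up (labels are hypothetical)."""
    info = parse_cpuinfo(text)
    flags = set(info.get("flags", "").split())
    if info.get("vendor_id") != "AuthenticAMD" or not flags & {"sev_es", "sev_snp"}:
        return "not-applicable"      # no SEV-ES/SEV-SNP advertised
    family, model = int(info["cpu family"]), int(info["model"])
    gen = next((g for f, r, g in EPYC_GEN if f == family and model in r), None)
    if gen is None:
        return "check-advisory"      # generation not covered by the article
    if gen < 3:
        return "no-mitigation"       # earlier EPYC: no fix available
    # 3rd gen: the microcode/firmware update targets SEV-SNP configurations.
    return "apply-update" if "sev_snp" in flags else "check-advisory"

# Constructed sample stanzas (not captured from real hosts).
SAMPLE_GEN3 = """processor : 0
vendor_id : AuthenticAMD
cpu family : 25
model : 1
flags : fpu sme sev sev_es sev_snp
"""
SAMPLE_GEN2 = SAMPLE_GEN3.replace("25", "23").replace("model : 1", "model : 49") \
                         .replace(" sev_snp", "")
SAMPLE_OTHER = "processor : 0\nvendor_id : GenuineIntel\nflags : fpu vmx\n"

if __name__ == "__main__":
    for name in ("SAMPLE_GEN3", "SAMPLE_GEN2", "SAMPLE_OTHER"):
        print(name, "->", triage(globals()[name]))
```

On a real host, pass the contents of `/proc/cpuinfo` to `triage()` and confirm the result against AMD's advisory for CVE-2023-20592.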