A team of researchers has unveiled CacheWarp, a new attack method targeting a security feature in AMD processors, raising concerns about its impact on protected virtual machines (VMs). CacheWarp specifically affects AMD Secure Encrypted Virtualization (SEV), a CPU extension designed to isolate VMs from underlying hypervisors at the hardware level.
While SEV, especially the new SEV-SNP (Secure Nested Paging), is crucial for safeguarding sensitive data in cloud environments, researchers have identified a potential risk. CacheWarp, described as a software-based fault injection attack, exploits an architectural bug in AMD CPUs, enabling malicious hackers to hijack control flow, break into encrypted VMs, and escalate privileges.
In a scenario where CacheWarp is deployed, a malicious hypervisor gains elevated privileges but lacks control over the data or code within the targeted VM. The researchers highlight that this attack is not a transient-execution or side-channel attack, distinguishing it from other CPU attack methods.
By exploiting CacheWarp, attackers can manipulate variables determining user authentication, revert variables to previous states, and take over old, authenticated sessions. The impact extends to any system powered by an AMD CPU supporting SEV, with users deploying secure VMs using SEV facing the highest risk.
The underlying vulnerability, identified as CVE-2023-20592, prompted AMD to release a security advisory in April 2023, outlining affected products and providing patches. The researchers responsible for CacheWarp’s discovery have released a detailed paper and created a dedicated website offering a high-level summary of the attack.
Additionally, they have published videos demonstrating how the vulnerability can be exploited to bypass OpenSSH authentication and escalate privileges to root via Sudo, emphasizing the importance of vigilance and mitigation measures for users at risk.
Reference:
