CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs
Hardware Security / Virtualization
A group of academics has disclosed a new “software fault attack” on AMD’s Secure Encrypted Virtualization (SEV) technology that threat actors could potentially exploit to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation.
The attack has been codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security. It impacts AMD CPUs supporting all variants of SEV.
“For this research, we specifically looked at AMD’s newest TEE, AMD SEV-SNP, relying on the experience from previous attacks on Intel’s TEE,” security researcher Ruiyi Zhang told The Hacker News. “We found the ‘INVD’ instruction [flush a processor’s cache contents] could be abused under the threat model of AMD SEV.”
SEV, an extension to the AMD-V architecture introduced in 2016, is designed to isolate VMs from the hypervisor by encrypting the memory contents of the VM with a unique key.
The idea, in a nutshell, is to shield the VM from the possibility that the hypervisor (i.e., the virtual machine monitor) could be malicious and thus cannot be trusted by default.
SEV-SNP, which incorporates Secure Nested Paging (SNP), adds “strong memory integrity protection to help prevent malicious hypervisor-based attacks like data replay, memory re-mapping, and more in order to create an isolated execution environment,” according to AMD.
But CacheWarp, according to Zhang, makes it possible to defeat the integrity protections and achieve privilege escalation and remote code execution in the targeted virtual machine:
The instruction `INVD` drops all the modified content in the cache without writing it back to the memory. Hence, the attacker can drop any writes of guest VMs and the VM continues with architecturally stale data. In the paper, we demonstrate that via two primitives, “timewarp” and “dropforge.”
For the timewarp, we can reset what the computer has memorized as the next step. This makes the computer execute code that it executed before because it reads an outdated so-called return address from memory. The computer thus travels back in time. However, the old code is executed with new data (the return value of another function), which leads to unexpected effects. We use this method to bypass OpenSSH authentication, logging in without knowing the password.
Another method, called “Dropforge,” lets the attacker reset changes of guest VMs made to data. With one or multiple drops, the attacker can manipulate the logic flow of guest execution in an exploitable way. Take the `sudo` binary as an example: a return value is stored in the memory (stack) so that the attacker can reset it to an initial value. However, the initial value “0” gives us administrator privilege even when we are not.
With this combination, we have unlimited access to the virtual machine.
Successful exploitation of the architectural bug could permit an attacker to hijack the control flow of a program by reverting to a previous state, and seize control of the VM. AMD has since released a microcode update to fix the “instruction misuse.”
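To make the stale-data effect concrete, the following added example (not code from the article or from the researchers) models a write-back cache in plain C and compares invalidating it with and without write-back. The machine model, the slot address and all function names are assumptions made for illustration; `wbinvd()` models the x86 WBINVD instruction, which the article does not mention, as the contrast case.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model (constructed for illustration): a direct-mapped, write-back
 * cache in front of a small "guest memory". One word per cache line. */
#define MEM_WORDS 16
#define LINES 4
typedef struct { int valid, dirty; unsigned tag; uint32_t data; } line_t;
typedef struct { uint32_t mem[MEM_WORDS]; line_t line[LINES]; } machine_t;

static void evict(machine_t *m, unsigned idx) {
    line_t *l = &m->line[idx];
    if (l->valid && l->dirty)               /* write-back on eviction */
        m->mem[l->tag * LINES + idx] = l->data;
    l->valid = l->dirty = 0;
}

static line_t *lookup(machine_t *m, unsigned addr) {
    unsigned idx = addr % LINES, tag = addr / LINES;
    line_t *l = &m->line[idx];
    if (!l->valid || l->tag != tag) {       /* miss: evict, then fill */
        evict(m, idx);
        l->valid = 1; l->tag = tag; l->data = m->mem[addr];
    }
    return l;
}

static void store(machine_t *m, unsigned addr, uint32_t v) {
    line_t *l = lookup(m, addr);
    l->data = v; l->dirty = 1;              /* memory is not updated yet */
}
static uint32_t load(machine_t *m, unsigned addr) { return lookup(m, addr)->data; }

/* WBINVD semantics: write dirty lines back, then invalidate. */
static void wbinvd(machine_t *m) { for (unsigned i = 0; i < LINES; i++) evict(m, i); }
/* INVD semantics: invalidate without write-back; dirty data is lost. */
static void invd(machine_t *m) { memset(m->line, 0, sizeof m->line); }

/* The guest overwrites a slot whose in-memory value is 0, the cache is
 * flushed, and the guest reads the slot back. */
static uint32_t result_after_flush(int use_invd) {
    machine_t m; memset(&m, 0, sizeof m);
    const unsigned slot = 5;                /* hypothetical stack slot */
    store(&m, slot, 1);                     /* guest records a nonzero result */
    if (use_invd) invd(&m); else wbinvd(&m);
    return load(&m, slot);                  /* value the guest continues with */
}

int main(void) {
    printf("WBINVD -> %u, INVD -> %u\n",
           (unsigned)result_after_flush(0), (unsigned)result_after_flush(1));
    return 0;
}
```

In the model the guest's write survives a write-back flush but reverts to the initial 0 after an invalidate-only flush, which is the stale state the quoted description refers to.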
“A team of Google Project Zero and Google Cloud security has audited the newest version of AMD’s TEE (SEV-SNP) last year,” Zhang noted. “AMD also claims that SEV-SNP prevents all attacks on the integrity. However, our attack breaks the integrity of it.”
CISPA researchers, earlier this August, also revealed a software-based power side-channel attack targeting Intel, AMD, and Arm CPUs dubbed Collide+Power (CVE-2023-20583) that could be weaponized to leak sensitive data by breaking isolation protections.