Ahoi Attacks: A New Threat to Confidential VMs in the Cloud
Researchers from ETH Zurich have uncovered a new attack method dubbed “Ahoi Attacks” that threatens the security of confidential virtual machines (CVMs) within cloud environments. Described as a family of attacks, there are two variations: Heckler and WeSee. This article explores the technical details of these attacks and their potential impact.
Heckler
Heckler leverages a malicious hypervisor to inject malicious non-timer interrupts into CVMs. These interrupts manipulate data flow and break the integrity and confidentiality of the virtual machine. The assigned CVE identifiers were CVE-2024-25744 and CVE-2024-25743.
The attack specifically targets CVMs protected by hardware-based trusted execution environments (TEEs). These TEEs, like AMD’s Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) and Intel’s Trust Domain Extensions (TDX), are designed to safeguard VMs in the cloud from unauthorized access, even from the cloud service provider itself.
However, the researchers discovered that hypervisors, the software responsible for managing VMs, still hold some control over crucial resource management tasks like interrupts. By exploiting this control, they were able to launch malicious activities within the targeted CVM.
The researchers responsibly disclosed their findings to major tech players including Intel, AMD, and cloud service providers like AWS, Microsoft, and Google, before making them public.
AMD has acknowledged the issue and believes the vulnerability lies within the Linux kernel implementation of SEV-SNP. While Intel hasn’t issued an official statement, the researchers indicate their findings align with AMD’s assessment.
Fortunately, Linux kernel patches and mitigation strategies are available to address this vulnerability. Additionally, AMD offers hardware security features that could potentially prevent such attacks, but these features are not yet supported by the Linux kernel.
Regarding cloud vendors, Microsoft’s Azure appears unaffected. AWS confirms that its EC2 service doesn’t rely on vulnerable technologies but acknowledges the impact on Amazon Linux. They plan to address the kernel issues in a future update. Google has yet to comment on the potential impact on its cloud services.
WeSee
A second Ahoi attack variant, called WeSee, specifically targets AMD SEV-SNP. This attack utilizes a particular interrupt to steal sensitive VM information like kernel TLS session keys. It can also corrupt kernel data to disable firewalls and establish a root shell, granting complete control over the VM. It is tracked under CVE-2024-25742.
Conclusion
Staying informed about these developments and applying security patches is crucial for organizations utilizing CVMs in the cloud. By understanding Ahoi attacks and taking appropriate measures, businesses can safeguard their sensitive data and maintain the integrity of their cloud environments.
The sources for this article include a story from SecurityWeek.