CacheWarp AMD CPU Attack Grants Root Access in Linux VMs

Rohan Timalsina

November 30, 2023 - TuxCare expert team

Security researchers recently discovered a new attack method named CacheWarp. The attack threatens AMD SEV-protected virtual machines: by targeting memory writes, malicious actors can gain unauthorized access, escalate privileges, and execute code remotely.

CacheWarp takes advantage of vulnerabilities in AMD’s Secure Encrypted Virtualization-Encrypted State (SEV-ES) and Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) technologies. These technologies are designed to safeguard against malicious hypervisors by encrypting VM data and preventing unauthorized alterations.

CacheWarp Attack Details

The underlying vulnerability at the core of CacheWarp, CVE-2023-20592, was discovered by security researchers from CISPA Helmholtz Center for Information Security and Graz University of Technology, along with independent researcher Youheng Lue.

The researchers explained, “CacheWarp, a new software-based fault attack on AMD SEV-ES and SEV-SNP, exploits the possibility to architecturally revert modified cache lines of guest VMs to their previous (stale) state.”

The implications of successful CacheWarp attacks are significant. Malicious actors could revert authentication variables to a previous version, potentially hijacking authenticated sessions. Additionally, CacheWarp enables attackers to manipulate return addresses on the stack, altering the control flow of targeted programs.

To further illustrate the severity of the threat, the researchers conducted case studies demonstrating attacks on RSA in the Intel IPP crypto library, access to an OpenSSH server without authentication, and privilege escalation to root via the sudo binary.

Conclusion

In response to this threat, AMD has issued a security advisory acknowledging that the CacheWarp issue was found in the INVD instruction and could lead to a loss of SEV-ES and SEV-SNP guest VM memory integrity.

According to AMD, the affected processors include:

  • 1st Gen AMD EPYC Processors (SEV and SEV-ES)
  • 2nd Gen AMD EPYC Processors (SEV and SEV-ES)
  • 3rd Gen AMD EPYC Processors (SEV, SEV-ES, SEV-SNP)

Fortunately, the issue does not impact AMD 4th generation ‘Genoa’ EPYC processors (Zen 4 microarchitecture).

For users of 3rd generation EPYC processors with the AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) feature enabled, AMD has released a hot-loadable microcode patch and an updated firmware image.

Importantly, AMD assures users that applying the patch should not result in any performance degradation. It is essential for affected users to promptly implement these security measures to safeguard their systems against potential CacheWarp attacks.
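The affected-processor list above can be turned into a quick host triage. The script below is an added example, not code from AMD, the researchers, or TuxCare; it classifies /proc/cpuinfo text by EPYC generation and reports the SEV features and microcode revision it finds. It assumes that the fourth character of an EPYC 7xxx/9xxx model number is the generation digit and that the kernel lists sev, sev_es and sev_snp in the flags line; the function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: CacheWarp (CVE-2023-20592) exposure triage from /proc/cpuinfo text.
# Assumptions (not from the article): the 4th character of an EPYC 7xxx/9xxx model
# number is its generation digit, and the kernel lists sev, sev_es, sev_snp in "flags".

# field NAME: print the value of the first "NAME : value" line read from stdin.
field() {
    sed -n "s/^$1[[:space:]]*:[[:space:]]*//p" | head -n 1
}

# epyc_generation: cpuinfo text on stdin -> 1, 2, 3, 4, "unknown" or "not-epyc".
epyc_generation() {
    model=$(field "model name")
    case "$model" in
        *"AMD EPYC "*) ;;
        *) echo "not-epyc"; return 0 ;;
    esac
    num=${model#*AMD EPYC }   # "7763 64-Core Processor"
    num=${num%% *}            # "7763", "75F3", "7543P", ...
    case "$num" in
        7??[123]*|9??4*) printf '%s\n' "$num" | cut -c4 ;;
        *) echo "unknown" ;;
    esac
}

# cachewarp_status: cpuinfo text on stdin -> "status|sev features|microcode revision".
cachewarp_status() {
    info=$(cat)
    gen=$(printf '%s\n' "$info" | epyc_generation)
    flags=" $(printf '%s\n' "$info" | field flags) "
    ucode=$(printf '%s\n' "$info" | field microcode)
    feats=""
    for f in sev sev_es sev_snp; do
        case "$flags" in *" $f "*) feats="${feats:+$feats,}$f" ;; esac
    done
    case "$gen" in
        1|2|3) status="affected-gen$gen" ;;   # generations the article lists as affected
        4)     status="not-affected-gen4" ;;  # Genoa / Zen 4, per the article
        *)     status="$gen" ;;
    esac
    printf '%s|%s|%s\n' "$status" "${feats:-none}" "${ucode:-unknown}"
}

# Constructed sample (not real host output); on a hypervisor host run:
#   cachewarp_status < /proc/cpuinfo
SAMPLE_MILAN='model name : AMD EPYC 7763 64-Core Processor
microcode  : 0x1234
flags      : fpu vme sme sev sev_es sev_snp'
printf '%s\n' "$SAMPLE_MILAN" | cachewarp_status
```

For a 3rd generation result with sev_snp present, compare the reported microcode revision against the fixed revision given in AMD's advisory; the script does not embed that value.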

 

The sources for this article include a story from BleepingComputer.
