CVE-2023-20592: CacheWarp Vulnerability Affects Prior Generation AMD EPYC CPUs

A collaborative research effort between Graz University of Technology and the Helmholtz Center for Information Security has produced a detailed examination of the CacheWarp vulnerability, identified as CVE-2023-20592.

This vulnerability affects certain legacy AMD EPYC processors, specifically targeting the first-generation EPYC Naples, second-generation EPYC Rome, and third-generation EPYC Milan product lines.

The vulnerability exploits a weakness in AMD's Secure Encrypted Virtualization (SEV) technology, particularly in the SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging) implementations. CacheWarp is a software-based fault injection technique that alters cache behavior in a virtual machine (VM) protected by SEV. The attack forces cache lines within the VM to revert to their unmodified state, which evades the integrity verification mechanisms of SEV-SNP and allows undetected fault injection.

Unlike other attacks that depend on specific vulnerabilities within the guest VM, CacheWarp targets inherent architectural weaknesses in AMD's SEV technology, posing a systemic threat to any system that relies on it. This makes it a significant concern for data privacy and integrity in environments that depend on encrypted virtualization for protection.

In response to the discovery of this vulnerability, AMD has issued an update for third-generation EPYC Milan processors, which includes a microcode patch that can be loaded dynamically and an updated firmware version that is designed to rectify the issue without impacting system performance. Nevertheless, AMD has indicated that no countermeasures are currently in place for the Naples and Rome generations of EPYC processors. This is due to the limitations of the SEV and SEV-ES features, which do not protect the integrity of guest VM memory, combined with the unavailability of SEV-SNP on these older architectures.
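For fleet triage, the mitigation status above can be turned into a host check. The following is an added example, not code from AMD or the researchers: it classifies a Linux host from `/proc/cpuinfo` text, and the CPUID family/model ranges for each generation are an assumption taken from AMD's public numbering rather than from this article.

```python
# Added example: classify a host against the article's mitigation matrix.
# CPUID family/model ranges are an assumption from AMD's public numbering.
GENERATIONS = [(0x17, 0x00, 0x0F, "Naples"), (0x17, 0x30, 0x3F, "Rome"),
               (0x19, 0x00, 0x0F, "Milan")]
# Mitigation status per generation, as reported in the article.
MITIGATION = {"Naples": "no mitigation available",
              "Rome": "no mitigation available",
              "Milan": "apply AMD microcode patch and updated firmware"}
SEV_FLAGS = {"sev", "sev_es", "sev_snp"}  # Linux /proc/cpuinfo feature flags

# Constructed sample entries (trimmed), not captured from real hosts.
SAMPLE_MILAN = """processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 1
model name\t: AMD EPYC 7543 32-Core Processor
flags\t\t: fpu vme sme sev sev_es sev_snp

processor\t: 1
vendor_id\t: AuthenticAMD
"""
SAMPLE_ROME = SAMPLE_MILAN.replace(": 25", ": 23").replace(
    "model\t\t: 1", "model\t\t: 49").replace("7543", "7742").replace(" sev_snp", "")

def parse_cpuinfo(text):
    """Return the key/value fields of the first processor entry."""
    fields = {}
    for line in text.strip().split("\n\n")[0].splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def triage(text):
    """Map a host to its EPYC generation, SEV features and the reported action."""
    f = parse_cpuinfo(text)
    result = {"generation": None, "sev_features": [],
              "action": "not in the affected EPYC generations"}
    # Desktop parts share family/model numbers, so require an EPYC model name.
    if f.get("vendor_id") != "AuthenticAMD" or "EPYC" not in f.get("model name", ""):
        return result
    try:
        family, model = int(f["cpu family"]), int(f["model"])
    except (KeyError, ValueError):
        return result
    result["sev_features"] = sorted(SEV_FLAGS & set(f.get("flags", "").split()))
    for fam, lo, hi, name in GENERATIONS:
        if family == fam and lo <= model <= hi:
            result.update(generation=name, action=MITIGATION[name])
    return result
```

On a real host, pass the contents of `/proc/cpuinfo` to `triage()`. The check does not compare microcode revisions, because the article gives no fixed version to compare against.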

Sources: CacheWarp, AMD
