
Two New Security Vulnerabilities to Affect AMD EPYC Processors

AleksandarK

AMD processors have been very good at the field of security, on par with its main competitor, Intel. However, from time to time, researchers find new ways of exploiting a security layer and making it vulnerable to all kinds of attacks. Today, we have information that two new research papers are being published at this year's 15th IEEE Workshop on Offensive Technologies (WOOT'21) happening on May 27th. Both papers are impacting AMD processor security, specifically, they show how AMD's Secure Encrypted Virtualization (SEV) is compromised. Researchers from the Technical University of Munich and the University of Lübeck are going to present their papers on CVE-2020-12967 and CVE-2021-26311, respectively.

While we do not know exact details of these vulnerabilities until papers are presented, we know exactly which processors are affected. As SEV is an enterprise feature, AMD's EPYC lineup is the main target of these two new exploits. AMD says that affected processors are all of the EPYC embedded CPUs and the first, second, and third generation of regular EPYC processors. For third-generation EPYC CPUs, AMD has provided mitigation in SEV-SNP, which can be enabled. For prior generations, the solution is to follow best security practices and try to avoid an exploit.


 
waiting patiently for the opposing team to say the sky is falling.

May 27th is the date for that little get together.
 
"AMD processors have been very good at the field of security, on par with superior to its main competitor, Intel."

Fixed that.
 
I love that 1st sentence.
That's exactly what I was about to say! :roll:

Someone had their head in the sand with the amount of security exploits Intel has had with their CPUs from the last 15yrs lol
 
waiting patiently for the opposing team to say the sky is falling.

May 27th is the date for that little get together.
I bet you were the one who said it when the focus was on Intel. ha!

It will be nice when two more generations of hardware mitigation have been implemented. As stated in other articles in the past two years, all processor companies are supposed to implement by the end of 2023. Hopefully by then most of these flaws will be fixed.

research yourself, on google or bing etc.
 
tinfoil hat time:

what if companies deliberately leave these vulnerabilities in and then themselves expose these leading them to have to fix it at the cost of performance so they can sell you newer "now MUCH faster" processors, aka, form of planned obsolescence. :eek:

time to wake up sheeple !
 
I may come off as somewhat an idiot here, but do those vulnerabilities even matter to anyone? Pretty much every CPU is vulnerable in some ways and hardly anyone cared about that before Spectre and Meltdown. I don't really think that it's truly as relevant a problem as the media says. BTW every processor ever made has some list of errata, which is often not fixed completely.
 
I may come off as somewhat an idiot here, but do those vulnerabilities even matter to anyone? Pretty much every CPU is vulnerable in some ways and hardly anyone cared about that before Spectre and Meltdown. I don't really think that it's truly as relevant a problem as the media says. BTW every processor ever made has some list of errata, which is often not fixed completely.

Yes they do.

"The exploits mentioned in both papers require a malicious administrator to have access in order to compromise the server hypervisor."

This is not that much of an issue for many, it defends my VM at Microsoft, Amazon or wherever from other VMs.

However, AMD SEV also has a sales point of protecting me against Microsoft, Amazon or whatever as they should not know what's even going on in my VM hosted by them, so while it's not Meltdown levels of security flaw it's a security issue that goes straight up against one of AMD's sales points of SEV.

We'll have to wait and see if it matters, or is purely proof of concept or if it's patched or just.. broken SEV from that point of view.
 
Yes they do.

"The exploits mentioned in both papers require a malicious administrator to have access in order to compromise the server hypervisor."

This is not that much of an issue for many, it defends my VM at Microsoft, Amazon or wherever from other VMs.

However, AMD SEV also has a sales point of protecting me against Microsoft, Amazon or whatever as they should not know what's even going on in my VM hosted by them, so while it's not Meltdown levels of security flaw it's a security issue that goes straight up against one of AMD's sales points of SEV.

We'll have to wait and see if it matters, or is purely proof of concept or if it's patched or just.. broken SEV from that point of view.
Perhaps in such case it does matter a bit, but still I'm pretty sure that CPUs have some other vulnerabilities anyway, so stressing out about the latest one seems a bit pointless.
 
Somewhat significant, but if you have to compromise the Hypervisor to do it, it's really only of concern when running in public cloud and you don't trust the vendor running it to secure the hypervisor.
 
what if companies deliberately leave these vulnerabilities in
Would it surprise you if this was a request by a government agency, like the NSA?
 
CVE-2021-26311

CVE-2020-12967

Basically it's possible, but not on guest or hosted VM side, for user / consumer perspective this should be harmless.
 
Would it surprise you if this was a request by a government agency, like the NSA?
How would such entities pull off an exploit? They would still need physical access and at that point there are much easier ways to gain access to the data they might want. Unless you're a high profile target, you still have almost completely nothing to worry about.
CVE-2021-26311

CVE-2020-12967

Basically it's possible, but not on guest or hosted VM side, for user / consumer perspective this should be harmless.
Those have no technical data links.
 
I may come off as somewhat an idiot here, but do those vulnerabilities even matter to anyone? Pretty much every CPU is vulnerable in some ways and hardly anyone cared about that before Spectre and Meltdown. I don't really think that it's truly as relevant a problem as the media says. BTW every processor ever made has some list of errata, which is often not fixed completely.
It starts to matter if fixes for these vulnerabilities cause performance loss like it did with those Intel models that did not have hardware mitigations. On older CPUs there can be a severe performance penalty when they are fully patched. The newer ones have hardware mitigations and are thus much less affected.

So from the average user's perspective these vulnerabilities do matter but not in terms of security.
 
Now since AMD are catching up with market share, I won't be surprised if they ended having more vulnerabilities than Intel. LUL
 
And I quoted those in my above post. The white papers have not been released and the vulnerabilities are still being investigated.

Oh, so you're implying that my posts are redundant.
 