Researchers at Graz University of Technology and the Helmholtz Center for Information Security have released their paper on CacheWarp—the latest vulnerability affecting some of the prior generation AMD EPYC CPUs. Titled CVE-2023-20592, the exploit targets first-generation EPYC Naples, second-generation EPYC Rome, and third-generation EPYC Milan. CacheWarp operates by exploiting a vulnerability in AMD's Secure Encrypted Virtualization (SEV) technology, specifically targeting the SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging) versions. The attack is a software-based fault injection technique that manipulates the cache memory of a virtual machine (VM) running under SEV. It cleverly forces modified cache lines of the guest VM to revert to their previous state. This action circumvents the integrity checks that SEV-SNP is designed to enforce, allowing the attacker to inject faults without being detected.

Unlike attacks that rely on specific guest VM vulnerabilities, CacheWarp is more versatile and dangerous because it does not depend on the characteristics of the targeted VM. It exploits the underlying architectural weaknesses of AMD SEV, making it a broad threat to systems relying on this technology for security. The CacheWarp attack can bypass robust security measures like encrypted virtualization, posing a significant risk to data confidentiality and integrity in secure computing environments. AMD has issued an update for EPYC Milan with a hot-loadable microcode patch and updated the firmware image without any expected performance degradation. And for the remaining generations, AMD states that no mitigation is available for the first or second generations of EPYC processor (Naples and Rome) since the SEV and SEV-ES features are not designed to protect guest VM memory integrity, and the SEV-SNP is not available.

AMD has published the source code for AMD Secure Encrypted Virtualization (SEV) technology, the backbone of AMD EPYC processor-based confidential computing virtual machines (VMs) available from cloud service providers including Amazon Web Services (AWS), Google Cloud, Microsoft Azure and Oracle Compute Infrastructure (OCI). This release from AMD will drive greater transparency for the security industry and provide customers the opportunity to thoroughly review the technology behind confidential computing VMs powered by AMD EPYC processors.

"As a leader in confidential computing, we are committed to a relentless pursuit of innovation and creating modern security features that complement our ecosystem partners' most advanced cloud offerings," said Mark Papermaster, executive vice president and chief technology officer, AMD. "By sharing the underpinnings of our SEV technology, we are delivering transparency for confidential computing and demonstrating our dedication to open source. Involving the open-source community will further strengthen this critical technology for our partners and customers who expect nothing less than the utmost protection for their most valuable asset - their data."