Security News > 2023 > November > CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs

CacheWarp Attack: New Vulnerability in AMD SEV Exposes Encrypted VMs
2023-11-14 18:40

A group of academics has disclosed a new "software fault attack" on AMD's Secure Encrypted Virtualization (SEV) technology that could be potentially exploited by threat actors to infiltrate encrypted virtual machines (VMs) and even perform privilege escalation. The attack has been codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security. It


News URL

https://thehackernews.com/2023/11/cachewarp-attack-new-vulnerability-in.html

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2023-11-14 CVE-2023-20592 Unspecified vulnerability in AMD products
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity.
network
low complexity
amd
6.5

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
AMD 825 29 119 80 22 250