Security News > 2023 > November > New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs
A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution.
This new attack exploits flaws in AMD's Secure Encrypted Virtualization-Encrypted State and Secure Encrypted Virtualization-Secure Nested Paging tech designed to protect against malicious hypervisors and reduce the attack surface of VMs by encrypting VM data and blocking attempts to alter it in any way.
"CacheWarp, a new software-based fault attack on AMD SEV-ES and SEV-SNP, exploiting the possibility to architecturally revert modified cache lines of guest VMs to their previous state," the researchers said.
"In 3 case studies, we demonstrate an attack on RSA in the Intel IPP crypto library, recovering the entire private key, logging into an OpenSSH server without authentication, and escalating privileges to root via the sudo binary."
"Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine memory integrity," AMD says.
For customers using AMD's 3rd generation EPYC processors with the AMD Secure Encrypted Virtualization-Secure Nested Paging feature enabled, AMD has released a hot-loadable microcode patch and updated firmware image.
News URL
Related news
- New ZenHammer memory attack impacts AMD Zen CPUs (source)
- New ZenHammer Attack Bypasses RowHammer Defenses on AMD CPUs (source)
- New Spectre v2 attack impacts Linux systems on Intel CPUs (source)
- Hackers steal Windows NTLM authentication hashes in phishing attacks (source)
- Hackers impersonate U.S. government agencies in BEC attacks (source)
- Chinese State Hackers Target Tibetans with Supply Chain, Watering Hole Attacks (source)
- Magnet Goblin hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers leverage 1-day vulnerabilities to deliver custom Linux malware (source)
- Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware (source)
- Hackers Exploiting Popular Document Publishing Sites for Phishing Attacks (source)