U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Two flaws could allow bypassing AMD SEV protection system

The chipmaker AMD published guidance for two new attacks against its SEV (Secure Encrypted Virtualization) protection technology. Chipmaker AMD has issued guidance for two attacks (CVE-2020-12967, CVE-2021-26311) that allow bypassing the SEV (Secure Encrypted Virtualization) technology implemented to prevent rogue operating systems on virtual machines. The chipmaker is aware of two research papers, respectively titled […]

amd SEV

The chipmaker AMD published guidance for two new attacks against its SEV (Secure Encrypted Virtualization) protection technology.

Chipmaker AMD has issued guidance for two attacks (CVE-2020-12967, CVE-2021-26311) that allow bypassing the SEV (Secure Encrypted Virtualization) technology implemented to prevent rogue operating systems on virtual machines.

The chipmaker is aware of two research papers, respectively titled “SEVerity: Code Injection Attacks against Encrypted Virtual Machines” and “undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation,” related to the two attacks above. The findings about the two attacks will be presented by two research teams at this year’s 15th IEEE Workshop on Offensive Technologies (WOOT’21).

AMD Secure Encrypted Virtualization (SEV) isolates virtual machines and the hypervisor, but the two attacks can allow threat actors to inject arbitrary code into the virtual machine even if the protection mechanism is in place.

The first flaw, tracked as CVE-2020-12967, is caused by the lack of nested page table protection in the AMD SEV/SEV-ES feature which could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

The second vulnerability, tracked as CVE-2021-26311, resides in the AMD SEV/SEV-ES feature. According to the security advisory, the memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.

The vulnerabilities impact all AMD EPYC processors, 1st/2nd/3rd Gen AMD EPYC™ Processors and AMD EPYC™ Embedded Processors.

The vendor has provided mitigation in the SEV-SNP feature which is available for enablement in 3rd Gen AMD EPYC™ processors. Customers could mitigate the attacks by enabling SEV-SNP, which is only supported on 3rd Gen AMD EPYC™.  

Customers using prior generations of EPYC processors, which do not support SEV-SNP, should follow security best practices.

The vendor published the following acknowledgement:

  • CVE-2020-12967:  Mathias Morbitzer, Martin Radev and Erick Quintanar Salas from Fraunhofer AISEC and Sergej Proskurin and Marko Dorfhuber from Technical University of Munich
  • CVE-2021-26311: Luca Wilke, Jan Wichelmann, Florian Sieck and Thomas Eisenbarth from University of Lübeck

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, AMD)

[adrotate banner=”5″]

[adrotate banner=”13″]