#stackwarp

[ follow ]
#sev-snp #amd-epyc #stack-engine #amd-sev-snp #smt-side-channel #virtualization-security
Information security
fromThe Hacker News
1 week ago

New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1-5 CPUs

StackWarp vulnerability lets privileged hosts corrupt SEV‑SNP guest stack pointers to enable code execution and privilege escalation on AMD Zen1–Zen5 processors.
fromTheregister
2 weeks ago

Flipping one bit leaves AMD CPUs open to VM vuln

If you use virtual machines, there's reason to feel less-than-Zen about AMD's CPUs. Computer scientists affiliated with the CISPA Helmholtz Center for Information Security in Germany have found a vulnerability in AMD CPUs that exposes secrets in its secure virtualization environment. The flaw, dubbed StackWarp, potentially allows a malicious insider who controls a host server to access sensitive data within AMD SEV-SNP guests through attacks designed to recover cryptographic private keys, bypass OpenSSH password authentication, and escalate privileges.
Information security
[ Load more ]