AMD Secure Encrypted Virtualization (SEV) Vulnerability Disclosed

A Security Vulnerability in AMD’s Secure Encrypted Virtualization (SEV)

A security vulnerability has been disclosed in AMD’s Secure Encrypted Virtualization (SEV) that could permit an attacker to load a malicious CPU microcode under specific conditions.

The Flaw

The flaw, tracked as CVE-2024-56161, carries a CVSS score of 7.2 out of 10.0, indicating high severity.

Improper Signature Verification

Improper signature verification in AMD CPU ROM microcode patch loader may allow an attacker with local administrator privilege to load malicious CPU microcode resulting in loss of confidentiality and integrity of a confidential guest running under AMD SEV-SNP.

Credit to Google Security Researchers

AMD credited Google security researchers Josh Eads, Kristoffer Janke, Eduardo Vela, Tavis Ormandy, and Matteo Rizzo for discovering and reporting the flaw on September 25, 2024.

What is SEV-SNP?

SEV-SNP is a security feature that uses a unique key per virtual machine to isolate virtual machines (VMs) and the hypervisor from one another. SNP, which stands for Secure Nested Paging, incorporates memory integrity protections to create an isolated execution environment and safeguard against hypervisor-based attacks.

Additional Security Enhancements

SEV-SNP introduces several additional optional security enhancements designed to support additional VM use models, offer stronger protection around interrupt behavior, and offer increased protection against recently disclosed side channel attacks.

Impact of the Vulnerability

In a separate bulletin, Google noted that CVE-2024-56161 is the result of an insecure hash function in the signature validation for microcode updates, which opens the door to a scenario where an adversary could compromise confidential computing workloads.

Test Payload and Fix

The company has also released a test payload to demonstrate the vulnerability, but additional technical details have been withheld for another month so as to give enough time for the fix to be propagated across the "deep supply chain."

Stay Up-to-Date with The Hacker News

Found this article interesting? Follow us on Twitter  and LinkedIn to read more exclusive content we post.