Some AMD EPYC server CPUs have a serious security flaw, so patch now

A recently discovered AMD EPYC flaw allows for privilege escalation

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybersecurity researchers fromAMDand the Graz University of Technology have discovered a vulnerability affecting certain AMDserverCPUs that allows for privilege escalation, as well as for remote code execution.

As per the report (which even has a dedicated websitehere), the flaw is present in AMD EPYC Processors from first to third generation, and is found in the Secure ENcrypted Virtualization-Encrypted State (SEV-ES) and Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP). Ironically enough, these technologies were introduced to protect against malicious hypervisors and shrink the attack surface of virtual machines. In other words - a feature designed to bolster security has actually compromised it.

The flaw, dubbed CacheWarp, is tracked as CVE-2023-20592 and at press time didn’t have a severity score.

Reader Offer: $50 Amazon gift card with demoPerimeter 81’s Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.

Preferred partner (What does this mean?)

Microcode and firmware updates

“In 3 case studies, we demonstrate an attack on RSA in theIntelIPP crypto library, recovering the entire private key, logging into an OpenSSH server without authentication, and escalating privileges to root via the sudo binary,” the researchers said in the paper.

Soon after the paper was published, AMD released a security advisory acknowledging the flaw. It said CacheWarp was found in the INVD instruction, which could result in the loss of memory integrity of SEV-ES and SEV-SNP guest virtual machines.

“Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity,” AMD said.

While EPYC Processors generations 1-3 were affected, it’s just the third generation that is getting a fix. This fix is a hot-loadable microcode patch and an updated firmware image. Users are advised to address the issue immediately. AMD says the patch will not affect the devices’ performance.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

This new phishing strategy utilizes GitHub comments to distribute malware

Should your VPN always be on?

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics