AMD disclosed two exploits targeting the Secure Encrypted Virtualization (SEV) feature used by its first-, second-, and third-gen EPYC processors ahead of their presentation at the 15th IEEE Workshop on Offensive Technologies (WOOT’21).
The first exploit, CVE-2020-12967, is set to be presented in a paper from researchers at Fraunhofer AISEC and the Technical University of Munich titled “SEVerity: Code Injection Attacks against Encrypted Virtual Machines.”
AMD said the researchers who discovered that flaw “make use of previously discussed research around the lack of nested page table protection in the SEV/SEV-ES feature which could potentially lead to arbitrary code execution within the guest.”
The second exploit, CVE-2021-26311, will be detailed in a paper with the interestingly capitalized title of “undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation” from researchers at the University of Lübeck.
AMD said the research showed ”memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest.”
Even though both exploits affect three generations of EPYC processors, only third-generation models will receive a mitigation directly from AMD courtesy of the SEV-Secure Nested Paging feature described in a white paper in January 2020.
As for first- and second-gen EPYC processors: AMD said it “recommends following security best practices” to mitigate exposure to these exploits. That isn’t particularly actionable advice, but fortunately, it shouldn’t prove too hard to follow. We're following up to see if these issues will receive their own mitigations.
AMD said the “exploits mentioned in both papers require a malicious administrator to have access in order to compromise the server hypervisor.” Requiring physical access should limit the exploits’ reach—especially during a global pandemic.
More information about both exploits is supposed to arrive during WOOT’21 on May 27. (The papers are listed as “Trololo (Title under embargo)” on the workshop’s website; it seems AMD posted their titles earlier than it was supposed to.)