AMD Discloses Vulnerabilities in EPYC Processors’ Secure Encrypted Virtualization

AMD disclosed two vulnerabilities affecting the Secure Encrypted Virtualization (SEV) feature used by its first-, second-, and third-gen EPYC processors ahead of their presentation at the 15th IEEE Workshop on Offensive Technologies (WOOT’21).

The first vulnerability, CVE-2020-12967, is set to be presented in a paper from researchers at Fraunhofer AISEC and the Technical University of Munich titled “SEVerity: Code Injection Attacks against Encrypted Virtual Machines.”

AMD said the researchers who discovered that flaw “make use of previously discussed research around the lack of nested page table protection in the SEV/SEV-ES feature which could potentially lead to arbitrary code execution within the guest.” 

The second vulnerability, CVE-2021-26311, will be detailed in a paper with the interestingly capitalized title of “undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation” from researchers at the University of Lübeck.

AMD said the research showed “memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest.”
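The gap AMD describes, an attestation measurement that does not notice where measured memory ends up, can be shown with a toy model. This is an added example, not AMD's SEV firmware or the researchers' code; the load-log format, the 16-byte block size and both measurement functions are assumptions made for illustration.

```python
import hashlib

BLOCK = 16  # assumed block size for this toy model


def guest_view(load_log):
    """Bytes the guest sees: blocks laid out by guest address, not load order."""
    return b"".join(block for _, block in sorted(load_log, key=lambda e: e[0]))


def measure_content_only(load_log):
    """Digest of block contents in load order; the guest address is ignored."""
    h = hashlib.sha256()
    for _addr, block in load_log:
        h.update(block)
    return h.hexdigest()


def measure_address_bound(load_log):
    """Digest of (guest address, content) pairs, so placement is measured too."""
    h = hashlib.sha256()
    for addr, block in load_log:
        h.update(addr.to_bytes(8, "little"))
        h.update(block)
    return h.hexdigest()


def compare(expected_log, observed_log):
    """Report, per measurement scheme, whether the guest owner would notice."""
    return {
        "guest_memory_differs": guest_view(expected_log) != guest_view(observed_log),
        "content_only_detects": measure_content_only(expected_log)
        != measure_content_only(observed_log),
        "address_bound_detects": measure_address_bound(expected_log)
        != measure_address_bound(observed_log),
    }


# Constructed sample: three 16-byte blocks of a guest image.
BLOCKS = [bytes([n]) * BLOCK for n in (0xA1, 0xB2, 0xC3)]
# What the guest owner expects: blocks placed at consecutive addresses.
EXPECTED = [(i * BLOCK, b) for i, b in enumerate(BLOCKS)]
# Same blocks, same load order, but the host puts the first and last
# blocks at each other's guest addresses.
REARRANGED = [(2 * BLOCK, BLOCKS[0]), (1 * BLOCK, BLOCKS[1]), (0, BLOCKS[2])]

if __name__ == "__main__":
    for name, value in compare(EXPECTED, REARRANGED).items():
        print(f"{name}: {value}")
```

Only the address-bound digest changes when the blocks are moved, which is the property a verifier needs before it can trust the guest's memory layout.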

More information about both vulnerabilities is supposed to arrive during WOOT’21 on May 27. (The papers are listed as “Trololo (Title under embargo)” on the workshop’s website; it seems AMD posted their titles earlier than it was supposed to.)

Nathaniel Mott
Freelance News & Features Writer

Nathaniel Mott is a freelance news and features writer for Tom's Hardware US, covering breaking news, security, and the silliest aspects of the tech industry.