CacheWarp' AMD VM Bug Opens the Door to Privilege Escalation

Researchers have developed an exploit for AMD CPUs that allows attackers to undermine memory protections, and thereby escalate privileges or perform remote code execution (RCE) in cloud environments.

The issue lies with Secure Encrypted Virtualization (SEV), a seven-year-old extension for AMD's EPYC server processors. The promise of SEV is that users can deploy virtual machines (VMs) even within untrusted hypervisors — environments for running multiple VMs — by encrypting their memory with a key.

On Tuesday, though, a group of German scholars demonstrated in a paper how this security feature can, in fact, expose the very chips it's meant to protect, enabling attackers to roll back time and access exploitable data in memory.

This so-called "CacheWarp" vulnerability, assigned CVE-2023-20592, affects first- through third-generation EPYC processors (not fourth gen). It was granted a 5.3 "Medium" severity score by AMD.

What Is CacheWarp?

At the heart of CacheWarp is a single, exploitable instruction: "INVD." By manipulating INVD, a malicious hypervisor user can selectively wipe the CPU's cache at any given point, reverting it to an old state (hence the name "CacheWarp") with stale data.

At this point, possibilities abound.

"As a consequence, a malicious hypervisor can break into a guest VM without knowing any password," explains Ruiyi Zhang, one of the report's authors. On CacheWarp's website, his team provided a simple example for how it could go down:

"Assume you have a variable determining whether a user is successfully authenticated. By exploiting CacheWarp, an attacker can revert the variable to a previous state and thus take over an old (already authenticated) session. Furthermore, an attacker can revert the return addresses stored on the stack and, by that, change the control flow of a victim program," they explained.

In such a case, Zhang says, "they can achieve privilege escalation, get to the root of your VM, and, in the end, they can just do anything."

A Patch Is Now Available

The researchers first reached out to AMD in late April. On November 14 — the day CacheWarp was revealed, and a proof-of-concept (PoC) exploit released to GitHub — AMD released a microcode patch for third-generation EPYC chips. Unlike with recent transient execution bugs affecting similar chips, the patch isn't expected to cause any performance issues.

"No mitigation is available for the first or second generations of EPYC processors," AMD noted in a security bulletin, "since the SEV and SEV-ES [Encrypted State] features are not designed to protect guest VM memory integrity and the SEV-SNP [Secure Nested Paging] is not available."

When asked about the delay in releasing a patch, AMD told Dark Reading that "Coordinated Vulnerability Disclosure is standard practice in the industry to protect end users. Notification is made to the impacted parties, fixes are developed, then the bulletin and details are published."