Wednesday, November 15th 2023

AMD EPYC CPUs Affected by CacheWarp Vulnerability, Patches are Already Available

Researchers at Graz University of Technology and the Helmholtz Center for Information Security have released their paper on CacheWarp—the latest vulnerability affecting some of the prior generation AMD EPYC CPUs. Titled CVE-2023-20592, the exploit targets first-generation EPYC Naples, second-generation EPYC Rome, and third-generation EPYC Milan. CacheWarp operates by exploiting a vulnerability in AMD's Secure Encrypted Virtualization (SEV) technology, specifically targeting the SEV-ES (Encrypted State) and SEV-SNP (Secure Nested Paging) versions. The attack is a software-based fault injection technique that manipulates the cache memory of a virtual machine (VM) running under SEV. It cleverly forces modified cache lines of the guest VM to revert to their previous state. This action circumvents the integrity checks that SEV-SNP is designed to enforce, allowing the attacker to inject faults without being detected.

Unlike attacks that rely on specific guest VM vulnerabilities, CacheWarp is more versatile and dangerous because it does not depend on the characteristics of the targeted VM. It exploits the underlying architectural weaknesses of AMD SEV, making it a broad threat to systems relying on this technology for security. The CacheWarp attack can bypass robust security measures like encrypted virtualization, posing a significant risk to data confidentiality and integrity in secure computing environments. AMD has issued an update for EPYC Milan with a hot-loadable microcode patch and updated the firmware image without any expected performance degradation. And for the remaining generations, AMD states that no mitigation is available for the first or second generations of EPYC processor (Naples and Rome) since the SEV and SEV-ES features are not designed to protect guest VM memory integrity, and the SEV-SNP is not available.
Sources: CacheWarp, AMD
Add your own comment

7 Comments on AMD EPYC CPUs Affected by CacheWarp Vulnerability, Patches are Already Available

#1
Toothless
Tech, Games, and TPU!
Typo in first sentence mate.
Posted on Reply
#2
ncrs
This isn't the only CPU vulnerability that was disclosed yesterday.
For AMD client CPUs there's few issues that require AGESA updates - AMD Client Vulnerabilities – November 2023
For Intel client (10th to 13th gens) and server CPUs there's a quite interesting vulnerability discovered by Google called Reptar. Basically a program can corrupt the internal CPU state making the computer crash, even while in a VM. Microcode/BIOS updates are required.
Posted on Reply
#3
Daven
Is it Cache Wrap or Cache Warp?
Posted on Reply
#4
Toothless
Tech, Games, and TPU!
DavenIs it Cache Wrap or Cache Warp?
I missed that one! Wonder if article was proofread before getting put out. Not bashing on AleksandarK but TPU articles should be sent through the proofreader before postings.
Posted on Reply
#5
AleksandarK
News Editor
ToothlessI missed that one! Wonder if article was proofread before getting put out. Not bashing on AleksandarK but TPU articles should be sent through the proofreader before postings.
Good note! My grammarly app needs more words lol
Posted on Reply
#6
SOAREVERSOR
But does it impact gaming, make cheaper GPUs, or does it have RGB. If not, gamers don't care. 60hz 1080p low detail PC gaming master race!!!!!!!!!!!!!!!!!!!
Posted on Reply
#7
TheinsanegamerN
DavenIs it Cache Wrap or Cache Warp?
Cache Wrap sound like a new 3d cache tech from AMD. Or a very crunchy burrito.
Posted on Reply
Dec 18th, 2024 05:19 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts