A group of academics has disclosed a new “software fault attack” in AMD’s Secure Encrypted Virtualization (SEV SEARCHED) technology that threat actors can potentially exploit to penetrate encrypted virtual machines (VMs) and even perform privilege escalation.
The attack was codenamed CacheWarp (CVE-2023-20592) by researchers from the CISPA Helmholtz Center for Information Security. This affects AMD CPUs that support all SEV variants.
“For this research, we specifically looked at AMD’s latest TEE, AMD SEV-SNP, relying on experience from previous Intel’s TEE attacks,” security researcher Ruiyi Zhang said. on The Hacker News. “We found the ‘INVD’ instruction (flushing the contents of the processor cache) could be abused under the AMD SEV threat model.”
SEV, and extension on the AMD-V architecture and introduced in 2016, is designed to isolate VMs from the hypervisor by encrypting the contents of the VM’s memory using a unique key.
The idea, in short, is to protect the VM from the possibility that the hypervisor (ie, the virtual machine monitor) becomes malicious and thus untrusted by default.
SEV-SNP, which includes Secure Nested Paging (SNP), adds “robust memory integrity protection to help prevent hypervisor-based malicious attacks such as data replay, -memory re-mapping, etc. to create a remote execution environment,” ACCORDING in AMD.
But CacheWarp, according to Zhang, makes it possible to defeat integrity protections and achieve privilege escalation and remote code execution on the targeted virtual machine –
The `INVD` instruction dumps all modified cache contents without writing them back to memory. Therefore, the attacker can drop any writes to the guest VM and the VM maintains the architecture without stopping the data. On paper, we demonstrate that through two primitives, “timewarp” and “dropforge.”
For the timewarp, we can reset what the computer memorized as the next step. This makes the computer execute the code it was executing before because it reads an old one called the return address from memory. So the computer went back in time. However, the old code is executed on the new data (the return value of another function), which leads to unexpected effects. We use this method to bypass OpenSSH authentication, logging in without knowing the password.
Another method, called “Dropforge,” allows the attacker to reset the changes the guest VM made to the data. With one or more leaks, the attacker can manipulate the logic flow to kill the visitor in an exploitative way. Take the `sudo` binary as an example, a return value is stored in memory (stack) so an attacker can reset it to an initial value. However, the initial value of “0” gives us administrator privilege even if we don’t have one.
With this combination, we have unlimited access to the virtual machine.
Successful exploitation of the architectural bug may allow an attacker to hijack the control flow of a program by returning to a previous state, and seizing control of the VM. AMD since then released a microcode update to fix “instruction misuse.”
“A Google Project Zero and Google Cloud security team has audited the latest version of AMD’s TEE (SEV-SNP) last year,” Zhang said. “AMD also claims that SEV-SNP prevents all integrity attacks. However, our attack destroyed its integrity. “
CISPA researchers, earlier this August, also disclosed a software-based power side-channel attack targeting Intel, AMD, and Arm CPUs called Collide+Power (CVE-2023- 20583) that can be weaponized to leak sensitive data by breaching isolation protections.