
AMD discovered two new vulnerabilities capable of bypassing SEV Protection System


18-May-2021

AMD released guidelines following the discovery of two new attacks targeting its Secure Encrypted Virtualization (SEV). The chipmaker referred to two research papers, titled “SEVerity: Code Injection Attacks against Encrypted Virtual Machines” and “undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation,” which are believed to be linked to CVE-2020-12967 and CVE-2021-26311. The attacks allow a bypass of SEV, AMD's built-in technology for protecting virtual machines from rogue operating systems.

According to the guidelines released by AMD, the first vulnerability, CVE-2020-12967, stems from the lack of nested page table protection in the AMD SEV/SEV-ES feature. It may potentially lead to arbitrary code execution within the guest virtual machine if a malicious administrator has access to compromise the server hypervisor.

The second vulnerability, CVE-2021-26311, is also in the AMD SEV/SEV-ES feature. Here the attestation mechanism cannot detect memory that has been rearranged in the guest address space, something a malicious hypervisor could make use of. This potentially leads to arbitrary code execution within the guest virtual machine if a malicious administrator has access to compromise the server hypervisor.
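An added illustration of the failure mode described for CVE-2021-26311 (not AMD's measurement algorithm and not code from the research papers): a simplified, constructed model in which a launch measurement covers only block contents, so the digest is unchanged when blocks land at different guest addresses, next to a variant that binds each address into the digest. The block size, the image and all function names are assumptions made for this sketch.

```python
import hashlib

BLOCK = 16  # constructed block size for this toy model, not a hardware value

def load_guest(image: bytes, placement: list[int]):
    """Model a hypervisor loading an image: block i goes to slot placement[i].
    Returns (guest_address, block) pairs in submission order."""
    blocks = [image[i:i + BLOCK] for i in range(0, len(image), BLOCK)]
    return [(placement[i] * BLOCK, b) for i, b in enumerate(blocks)]

def guest_memory(loaded) -> bytes:
    """What the guest actually sees once every block is placed."""
    mem = bytearray(len(loaded) * BLOCK)
    for addr, block in loaded:
        mem[addr:addr + BLOCK] = block
    return bytes(mem)

def measure_contents_only(loaded) -> str:
    """Digest over block contents in submission order; addresses are ignored."""
    h = hashlib.sha256()
    for _addr, block in loaded:
        h.update(block)
    return h.hexdigest()

def measure_address_bound(loaded) -> str:
    """Digest that also covers the guest address each block was placed at."""
    h = hashlib.sha256()
    for addr, block in loaded:
        h.update(addr.to_bytes(8, "little"))
        h.update(block)
    return h.hexdigest()

def compare(image: bytes, expected: list[int], actual: list[int]) -> dict:
    """Report whether each measurement notices that the layout changed."""
    good, seen = load_guest(image, expected), load_guest(image, actual)
    return {
        "layout_changed": guest_memory(good) != guest_memory(seen),
        "contents_only_detects": measure_contents_only(good) != measure_contents_only(seen),
        "address_bound_detects": measure_address_bound(good) != measure_address_bound(seen),
    }

# Constructed 4-block image; the second layout swaps the two middle blocks.
IMAGE = b"".join(bytes([0x41 + i]) * BLOCK for i in range(4))
RESULT = compare(IMAGE, expected=[0, 1, 2, 3], actual=[0, 2, 1, 3])

if __name__ == "__main__":
    print(RESULT)
```

In this model the guest's memory differs between the two layouts while the contents-only digest stays the same, which is why a verifier comparing only that digest has no signal that anything moved.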

In addition, the two researchers from AMD will present their findings on the two attacks at this year’s 15th IEEE Workshop on Offensive Technologies (WOOT’21).

Secure Encrypted Virtualization is a native technology developed by AMD that isolates virtual machines from the hypervisor. Still, the two attacks can allow threat actors to inject arbitrary code into the virtual machine even when the protection mechanism is in place. Both vulnerabilities affect the EPYC series of processors, including 1st, 2nd and 3rd Gen AMD EPYC™ Processors and AMD EPYC™ Embedded Processors. Mitigation is available through the SEV-SNP feature, which the vendor offers on 3rd Gen AMD EPYC™ processors, so users on 3rd Gen AMD EPYC™ can prevent the attacks by enabling SEV-SNP. Users on previous generations of EPYC processors are directed to follow security best practices.

The vendor published the following acknowledgments:

CVE-2020-12967: Mathias Morbitzer, Martin Radev and Erick Quintanar Salas from Fraunhofer AISEC and Sergej Proskurin and Marko Dorfhuber from Technical University of Munich

CVE-2021-26311: Luca Wilke, Jan Wichelmann, Florian Sieck, and Thomas Eisenbarth from the University of Lübeck