AMD released guidelines following the disclosure of two new attacks targeting its Secure Encrypted Virtualization (SEV) technology. The chipmaker pointed to two research papers, “SEVerity: Code Injection Attacks against Encrypted Virtual Machines” and “undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation,” which describe the attacks tracked as CVE-2020-12967 and CVE-2021-26311. Both allow an attacker who controls the hypervisor to bypass the isolation SEV is meant to provide between a guest virtual machine and the host.
According to AMD's guidelines, the first vulnerability, CVE-2020-12967, stems from the lack of nested page table protection in the AMD SEV/SEV-ES feature. It may lead to arbitrary code execution within the guest virtual machine if a malicious administrator has compromised the server hypervisor.
The second vulnerability, CVE-2021-26311, also lies within the AMD SEV/SEV-ES feature. Memory in the guest address space can be rearranged without the attestation mechanism detecting it, which a malicious hypervisor could exploit to achieve arbitrary code execution within the guest virtual machine, again provided a malicious administrator has compromised the server hypervisor.
The research teams behind the two papers will also present their findings at this year’s 15th IEEE Workshop on Offensive Technologies (WOOT’21).
Secure Encrypted Virtualization is a native AMD technology that isolates virtual machines from the hypervisor. Even with that protection in place, the two attacks allow threat actors to inject arbitrary code into a virtual machine. Both vulnerabilities affect the EPYC series of processors, including 1st, 2nd and 3rd Gen AMD EPYC™ Processors and AMD EPYC™ Embedded Processors. A mitigation is available in the vendor's SEV-SNP feature, which can be enabled on 3rd Gen AMD EPYC™ processors; users of those processors should enable SEV-SNP. Users of earlier EPYC generations are directed to follow security best practices instead.
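Because the only stated mitigation is enabling SEV-SNP on 3rd Gen EPYC, a practitioner's first question is whether a given host advertises SEV-SNP and whether the kernel has it switched on. The script below is an added example, not part of the original article or of AMD's guidance. It parses the `flags` line of `/proc/cpuinfo` for the `sev`, `sev_es` and `sev_snp` feature names used by recent Linux kernels and reads the `kvm_amd` module parameters under `/sys/module/kvm_amd/parameters` (the `sev_snp` parameter is assumed to exist only on kernels recent enough to support SEV-SNP guests); the sample `/proc/cpuinfo` text is constructed so the check also runs offline.

```python
#!/usr/bin/env python3
"""Added example: classify a Linux host's SEV posture against AMD's SEV-SNP guidance."""
import re
from pathlib import Path

# Constructed /proc/cpuinfo excerpts (not captured from real hosts).
SAMPLE_SNP_CAPABLE = (
    "processor\t: 0\n"
    "vendor_id\t: AuthenticAMD\n"
    "model name\t: AMD EPYC (constructed sample, 3rd Gen)\n"
    "flags\t\t: fpu vme de pse msr sse sse2 ht syscall nx rdtscp lm sev sev_es sev_snp\n"
)
SAMPLE_SEV_ONLY = (
    "processor\t: 0\n"
    "vendor_id\t: AuthenticAMD\n"
    "model name\t: AMD EPYC (constructed sample, 1st Gen)\n"
    "flags\t\t: fpu vme de pse msr sse sse2 ht syscall nx rdtscp lm sev\n"
)

# Assumption: kvm_amd exposes boolean params 'sev', 'sev_es' and (on recent kernels) 'sev_snp'.
KVM_AMD_PARAMS = Path("/sys/module/kvm_amd/parameters")


def parse_cpu_flags(cpuinfo: str) -> set:
    """Return the feature-flag set from the first 'flags' line of cpuinfo text."""
    m = re.search(r"^flags\s*:\s*(.*)$", cpuinfo, re.MULTILINE)
    return set(m.group(1).split()) if m else set()


def read_kvm_params(base: Path = KVM_AMD_PARAMS) -> dict:
    """Read kvm_amd SEV parameters; True/False for Y/N, None when the file is absent."""
    out = {}
    for name in ("sev", "sev_es", "sev_snp"):
        try:
            out[name] = (base / name).read_text().strip() in ("Y", "1")
        except OSError:
            out[name] = None
    return out


def assess(flags: set, kvm: dict) -> dict:
    """Map CPU flags plus kvm_amd state onto AMD's guidance for the two CVEs."""
    snp_hw = "sev_snp" in flags
    snp_on = bool(kvm.get("sev_snp"))
    if snp_hw and snp_on:
        verdict = ("SEV-SNP enabled: AMD's stated mitigation for CVE-2020-12967 "
                   "and CVE-2021-26311 is active")
    elif snp_hw:
        verdict = "SEV-SNP supported by CPU but not enabled in kvm_amd: enable SEV-SNP"
    elif "sev" in flags:
        verdict = ("No SEV-SNP on this CPU generation: apply AMD security best "
                   "practices to the hypervisor host")
    else:
        verdict = "SEV not advertised: host does not expose AMD SEV"
    return {
        "sev": "sev" in flags,
        "sev_es": "sev_es" in flags,
        "sev_snp": snp_hw,
        "sev_snp_enabled": snp_on,
        "verdict": verdict,
    }


if __name__ == "__main__":
    # On a real host read the live files; otherwise fall back to the constructed sample.
    cpuinfo_path = Path("/proc/cpuinfo")
    text = cpuinfo_path.read_text() if cpuinfo_path.exists() else SAMPLE_SNP_CAPABLE
    result = assess(parse_cpu_flags(text), read_kvm_params())
    for key, value in result.items():
        print(f"{key:16} {value}")
```

Run it as root (or any user able to read `/sys/module/kvm_amd/parameters`) on the hypervisor host; a guest VM's `/proc/cpuinfo` reflects what the hypervisor chose to expose, so the check is meaningful only on the host itself.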
The vendor published the following acknowledgments:
• CVE-2020-12967: Mathias Morbitzer, Martin Radev and Erick Quintanar Salas from Fraunhofer AISEC and Sergej Proskurin and Marko Dorfhuber from Technical University of Munich
• CVE-2021-26311: Luca Wilke, Jan Wichelmann, Florian Sieck, and Thomas Eisenbarth from the University of Lübeck