Chipmaker AMD Discover Two New Flaws Against its SEV Techonology

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

The chipmaker AMD published guidelines for two new attacks (CVE-2020-12967, CVE-2021-26311) against its SEV (Secure Encrypted Virtualization) technology that protects virtual machines from rogue operating systems.

The two attacks, documented in two research papers, respectively titled as “Severity: Code Injection Attacks against Encrypted Virtual Machines” and “undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation,” can allow cybercriminals to inject arbitrary code into the virtual machine, giving them full control over the VM’s operating system.

The two attacks, SEVurity and undeSErVed, work not only against AMD CPUs protected by SEV but also SEV-ES (Secure Encrypted Virtualization-Encrypted State), an improved version of the technology that AMD released in 2017, a year after adding SEV to its CPUs.

The chipmaker released its security advisory this week because the findings of the two attacks will be presented by two research teams at this year’s 15th IEEE Workshop on Offensive Technologies (WOOT’21).

The first vulnerability, discovered as CVE-2020-12967, is caused by the lack of nested page table protection in the AMD SEV/SEV-ES feature which could potential

[…]

Read the original article: Chipmaker AMD Discover Two New Flaws Against its SEV Techonology