Two attacks disclosed against AMD's SEV virtual machine protection system

Chipmaker AMD has issued guidance this week for two attacks against its SEV (Secure Encrypted Virtualization) technology that protects virtual machines from rogue operating systems.

The two attacks, documented in two academic papers, can allow a threat actor to inject malicious code inside SEV-encrypted virtual machines, giving them full control over the VM's operating system.

The two attacks, SEVurity and undeSErVed, work not only against AMD CPUs protected by SEV but also SEV-ES (Secure Encrypted Virtualization-Encrypted State), an improved version of the technology that AMD released in 2017, a year after adding SEV to its CPUs.

AMD says EPYC CPU line is impacted

In a security bulletin released on Patch Tuesday, AMD confirmed the two attacks for the first time.

The company said that all AMD EPYC processors are impacted by these attacks. This includes 1st, 2nd, 3rd generation, and embedded EPYC processors, a CPU line typically used in data center servers.

The chipmaker said that companies who use AMD CPUs to host virtualized environments for employees/customers should activate SEV-SNP (Secure Encrypted Virtualization-Secure Nested Paging), its latest version of the SEV technology, which it launched in 2020 [see PDF].

"The mitigation requires the use of SEV-SNP, which is only supported on 3rd Gen AMD EPYC," the company said.

Since prior generations of EPYC processors do not support SEV-SNP, the chipmaker advised customers to follow security best practices and avoid a compromise of the host OS, the operating system that runs the SEV-protected VM.

The chipmaker released its security advisory this week because the two attacks and their research papers are scheduled to be presented at the WOOT '21 security conference at the end of this month; when they're likely to gain more attention from the general public.

Extremely happy about that our work on code injection attacks against encrypted VMs, "SEVerity: Code Injection Attacks against Encrypted Virtual Machines" has made it to #WOOT21! w/ Mathias Morbitzer, @martin_b_radev, Erick Quintanar, and Marko Dorfhuber

— Sergej Proskurin (@proskurinserg) March 1, 2021

I am very happy to finally lift the curtain on our paper "undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation" that will appear at @wootsecurity.
Thanks @JanWichelmann, Florian Sieck and @tomcrypt for the great collaboration.https://t.co/zWfErNtJ3A

— Luca Wilke (@lucawilkeUzL) May 12, 2021

While in the past two years most CPU attacks have primarily targeted Intel CPUs, which have a much larger market share, AMD has had to deal with its own set of issues as well.

Last month, the chipmaker admitted that its Zen 3 CPUs were vulnerable to Spectre-like attacks via the processor's PSF feature.

In June 2020, the company also admitted that its AMD Accelerated Processing Unit (APU) processors released between 2016 and 2019 were impacted by "SMM Callout" bugs.

Academics first broke AMD's SEV technology in June 2018 with the SEVered attack. The same research team also broke SEV-ES two years later, in April 2020, with the SEVurity attack.

Earlier this month, AMD denied that its CPUs were impacted by an attack that bypassed the patches for the original 2018 Spectre attack, detailed in a paper called "I see dead µops: leaking secrets via Intel/AMD micro-op caches" [PDF].