New StackWarp Vulnerability Undermines AMD’s SEV-SNP Protections
In a significant development for cybersecurity, researchers from the CISPA Helmholtz Center for Information Security in Germany have unveiled a new hardware vulnerability, dubbed StackWarp, that critically impacts AMD processors. This flaw allows attackers with privileged access to a host server to execute malicious code within confidential virtual machines (CVMs), thereby compromising the robust integrity guarantees offered by AMD’s Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) technology. The vulnerability spans a wide range of AMD CPUs, from Zen 1 through Zen 5 architectures.
The research team, including Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, and Michael Schwarz, elaborated on the exploit’s mechanism: “In the context of SEV-SNP, this flaw allows malicious VM [virtual machine] hosts to manipulate the guest VM’s stack pointer. This enables hijacking of both control and data flow, allowing an attacker to achieve remote code execution and privilege escalation inside a confidential VM.”
Understanding the StackWarp Attack
AMD SEV-SNP is designed to provide a formidable shield for virtual machines, encrypting their memory and isolating them from the underlying hypervisor. However, CISPA’s findings demonstrate that this safeguard can be circumvented without directly accessing the VM’s plaintext memory. Instead, StackWarp targets a microarchitectural optimization known as the ‘stack engine,’ which is responsible for accelerating stack operations.
Ruiyi Zhang explained the exploit’s core: “The vulnerability can be exploited via a previously undocumented control bit on the hypervisor side. An attacker running a hyperthread in parallel with the target VM can use this to manipulate the position of the stack pointer inside the protected VM.” This manipulation subsequently allows for the redirection of program flow or the alteration of sensitive data within the confidential VM.
Profound Implications for Cloud Security and Data Confidentiality
The ramifications of the StackWarp attack are substantial, particularly for cloud environments relying on AMD processors. It can be leveraged to expose sensitive information from SEV-secured environments and compromise VMs hosted on AMD-powered cloud infrastructure. Specific, high-impact attack scenarios include:
- Recovering an RSA-2048 private key from a single faulty signature.
- Bypassing OpenSSH password authentication.
- Circumventing sudo’s password prompt.
- Achieving kernel-mode code execution within a VM.
AMD has acknowledged the vulnerability, tracking it as CVE-2025-29943 with a CVSS v4 score of 4.6, classifying it as a medium-severity improper access control bug. This flaw could enable an admin-privileged attacker to modify the CPU pipeline’s configuration, leading to stack pointer corruption within an SEV-SNP guest.
Affected AMD Product Lines:
- AMD EPYC 7003 Series Processors
- AMD EPYC 8004 Series Processors
- AMD EPYC 9004 Series Processors
- AMD EPYC 9005 Series Processors
- AMD EPYC Embedded 7003 Series Processors
- AMD EPYC Embedded 8004 Series Processors
- AMD EPYC Embedded 9004 Series Processors
- AMD EPYC Embedded 9005 Series Processors
AMD’s Response and Remediation Timeline
The chipmaker has already initiated efforts to address StackWarp, releasing microcode updates in July and October 2025. Further AGESA patches specifically for EPYC Embedded 8004 and 9004 Series Processors are slated for release in April 2026.
A Recurring Theme: Microarchitectural Hardware Attacks
This discovery follows a previous study by CISPA, which detailed CacheWarp (CVE-2023-20592, CVSS v3 score: 6.5). CacheWarp was another software fault attack on AMD SEV-SNP, enabling attackers to hijack control flow, breach encrypted VMs, and escalate privileges within the VM. Both StackWarp and CacheWarp underscore a critical trend: sophisticated hardware architectural attacks that exploit subtle microarchitectural effects to bypass system-level security guarantees.
Recommendations for SEV-SNP Host Operators
For organizations operating SEV-SNP hosts, immediate action is advised:
- Assess Hyperthreading: Verify if hyperthreading is enabled on affected systems. For CVMs with stringent integrity requirements, consider temporary disablement.
- Apply Updates: Promptly install all available microcode and firmware updates from hardware vendors.
As Ruiyi Zhang aptly concludes, “StackWarp is another example of how subtle microarchitectural effects can undermine system-level security guarantees.” This highlights the ongoing challenge of securing complex hardware architectures against increasingly sophisticated threats.
For more details, visit our website.
Source: Link
Leave a comment