Vulnerability: CVE-2023-20592
Date: 5 December 2023
Scope: AMD SEV platforms
Executive summary: The recently publicized “CacheWarp” vulnerability is already patched on the AMD SEV-SNP servers used by Microsoft Azure and Google Cloud. No action is required for Anjuna customers.
Introduction
The AMD SEV-SNP platform provides strong security for customers running workloads in enclaves for isolation and risk reduction. From time to time, issues and vulnerabilities can impact the security of the platform. This bulletin provides details on the impact and how to mitigate it.
References
- NVD - CVE-2023-20592
- AMD’s bulletin, including affected platforms - INVD Instruction Security Vulnerability
- The website and research paper about this vulnerability.
Does this impact Anjuna Security’s software?
The vulnerability can be exploited on AMD SEV platforms and therefore affects, in principle, applications running in the Anjuna Runtime for SEV on Microsoft Azure and Google Cloud.
AMD provided a microcode and firmware update that fixes this vulnerability on SEV-SNP platforms, and both cloud providers have deployed it (see below). No change to the Anjuna software is required.
Vulnerability Summary
A team of researchers, primarily from the CISPA Helmholtz Center for Information Security, identified the CacheWarp vulnerability and published the research paper referenced above.
The vulnerability allows an attacker who controls the hypervisor to selectively drop write operations performed by the VM, so that the VM subsequently reads stale data: a violation of memory integrity. Reverting a variable that records, for example, the result of an authentication or authorization check can be exploited for privilege escalation or code execution inside the guest.
CacheWarp is a software-based fault attack built on the INVD instruction, which invalidates the CPU’s internal data and instruction caches without writing modified (dirty) cache lines back to memory, unlike WBINVD. By executing INVD at carefully chosen moments, the hypervisor discards the guest’s most recent writes while they still sit only in the cache, and the guest continues with the older values in DRAM. SEV-SNP’s integrity protection is not triggered, because the stale content is data the guest itself wrote earlier, not data modified by the hypervisor.
The INVD instruction is privileged and is executed by the attacker from the hypervisor; the guest workload does not need to use INVD itself, so any application running in an affected VM is potentially exposed. There is no known exploitation in the wild.
The vulnerability affects workloads running on 1st-, 2nd-, and 3rd-generation AMD EPYC processors, including VMs protected with AMD SEV, SEV-ES, or SEV-SNP. 4th-generation AMD EPYC processors are not affected.
AMD’s security bulletin (referenced above) lists the affected platforms. AMD has released a microcode and firmware update that fixes the vulnerability on 3rd-generation AMD EPYC servers. The bulletin also describes how a guest can verify, using SEV-SNP attestation, that the patched microcode and firmware are in use.
1st- and 2nd-generation AMD EPYC servers do not receive a patch: they support only SEV and SEV-ES, and neither is designed to protect guest memory integrity against a malicious hypervisor, so the attack falls outside their threat model. Only SEV-SNP provides memory integrity against a malicious hypervisor, which is why Anjuna recommends SEV-SNP rather than SEV or SEV-ES.
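The bulletin leaves the attestation check to AMD’s documentation. The Python below is an added example, not code from Anjuna, AMD, or the original bulletin: it decodes the TCB_VERSION fields (CURRENT_TCB, REPORTED_TCB, COMMITTED_TCB) at their offsets in the SEV-SNP ATTESTATION_REPORT structure and compares the reported TCB against a required minimum. The offsets and bit layout follow AMD’s SEV-SNP firmware ABI specification; the MINIMUM_TCB values and the sample reports are placeholders constructed for illustration, not the levels AMD’s bulletin requires, which you must look up for your CPU model.

```python
"""Decode the TCB_VERSION fields of an AMD SEV-SNP attestation report and
check that the platform meets a minimum firmware/microcode level.

Added example (not Anjuna's or AMD's code). Offsets follow the
ATTESTATION_REPORT structure in the SEV-SNP firmware ABI specification.
MINIMUM_TCB is a placeholder: take the real values from AMD's bulletin.
"""
import struct
from dataclasses import dataclass

REPORT_SIZE = 0x4A0          # size of an SNP attestation report in bytes
OFF_CURRENT_TCB = 0x38       # TCB of the firmware/microcode currently running
OFF_REPORTED_TCB = 0x180     # TCB the VCEK signing this report is derived from
OFF_COMMITTED_TCB = 0x1E0    # lowest TCB the platform can still roll back to
OFF_LAUNCH_TCB = 0x1F0       # TCB at guest launch


@dataclass(frozen=True)
class TcbVersion:
    boot_loader: int
    tee: int
    snp: int
    microcode: int

    @classmethod
    def from_u64(cls, value: int) -> "TcbVersion":
        # TCB_VERSION layout: bits 7:0 BOOT_LOADER, 15:8 TEE,
        # 47:16 reserved, 55:48 SNP, 63:56 MICROCODE.
        return cls(boot_loader=value & 0xFF, tee=(value >> 8) & 0xFF,
                   snp=(value >> 48) & 0xFF, microcode=(value >> 56) & 0xFF)

    def to_u64(self) -> int:
        return (self.boot_loader | (self.tee << 8)
                | (self.snp << 48) | (self.microcode << 56))

    def satisfies(self, minimum: "TcbVersion") -> bool:
        # Every component must meet its minimum; a newer microcode does not
        # compensate for an older SNP firmware or vice versa.
        return (self.boot_loader >= minimum.boot_loader
                and self.tee >= minimum.tee
                and self.snp >= minimum.snp
                and self.microcode >= minimum.microcode)


def tcb_at(report: bytes, offset: int) -> TcbVersion:
    if len(report) != REPORT_SIZE:
        raise ValueError(f"expected {REPORT_SIZE}-byte report, got {len(report)}")
    (raw,) = struct.unpack_from("<Q", report, offset)
    return TcbVersion.from_u64(raw)


def check_report_tcb(report: bytes, minimum: TcbVersion) -> dict:
    """Return the decoded TCB fields and a verdict based on REPORTED_TCB.

    REPORTED_TCB is used because the VCEK that signs the report is derived
    from it: once the signature is verified against AMD's certificate chain,
    the hypervisor cannot claim a higher TCB than it has. CURRENT_TCB may be
    newer than REPORTED_TCB but is not what the signature binds.
    """
    reported = tcb_at(report, OFF_REPORTED_TCB)
    return {
        "reported": reported,
        "current": tcb_at(report, OFF_CURRENT_TCB),
        "committed": tcb_at(report, OFF_COMMITTED_TCB),
        "patched": reported.satisfies(minimum),
    }


def make_sample_report(current: TcbVersion, reported: TcbVersion,
                       committed: TcbVersion) -> bytes:
    """Constructed, unsigned test report with only the TCB fields populated.

    Not a real report: a real one also carries the launch measurement,
    report_data, chip ID and an ECDSA P-384 signature over the structure.
    """
    buf = bytearray(REPORT_SIZE)
    struct.pack_into("<I", buf, 0, 2)  # report structure version
    struct.pack_into("<Q", buf, OFF_CURRENT_TCB, current.to_u64())
    struct.pack_into("<Q", buf, OFF_REPORTED_TCB, reported.to_u64())
    struct.pack_into("<Q", buf, OFF_COMMITTED_TCB, committed.to_u64())
    struct.pack_into("<Q", buf, OFF_LAUNCH_TCB, committed.to_u64())
    return bytes(buf)


# Placeholder minimum (assumed values); replace with the level from AMD's bulletin.
MINIMUM_TCB = TcbVersion(boot_loader=3, tee=0, snp=8, microcode=209)


if __name__ == "__main__":
    patched = make_sample_report(TcbVersion(3, 0, 8, 209),
                                 TcbVersion(3, 0, 8, 209),
                                 TcbVersion(3, 0, 8, 209))
    # Platform running new microcode but reporting (and signing with) an old TCB.
    stale = make_sample_report(TcbVersion(3, 0, 8, 209),
                               TcbVersion(3, 0, 8, 115),
                               TcbVersion(3, 0, 8, 115))
    for name, rep in (("patched", patched), ("stale", stale)):
        verdict = check_report_tcb(rep, MINIMUM_TCB)
        print(name, verdict["reported"], "OK" if verdict["patched"] else "REJECT")
```

Signature verification is omitted above and must come first in practice: fetch the VCEK for the report’s chip ID and reported TCB from AMD’s Key Distribution Service, verify it against AMD’s ASK/ARK chain, and verify the report’s signature with it. Only then are the TCB fields, and therefore the “patched” verdict, trustworthy.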
Microsoft Azure patch deployment
Microsoft Azure confirmed that all relevant Azure Confidential Computing servers are patched against the CacheWarp vulnerability.
Google Cloud patch deployment
Google Cloud confirmed that all Google Cloud Confidential Computing servers are patched against the CacheWarp vulnerability.