New CPU Vulnerability risk to virtual machines based on AMD processors

Image source: CISPA
More information: Newsarticle
Researchers at TU Graz (i.e. Andreas Kogler of IAIK) and the Helmholtz Centre for Information Security (research team led by IAIK-alumni Michael Schwarz) have identified a security vulnerability that could allow data on virtual machines with AMD processors to fall under the control of attackers.

In the area of cloud computing, i.e. on-demand access to IT resources via the internet, so-called trusted execution environments (TEEs) play a major role. They are designed to ensure that the data on the virtual work environments (virtual machines) is secure and cannot be manipulated or stolen. Researchers at the CISPA Helmholtz Centre for Information Security and Graz University of Technology (TU Graz) have now discovered a security vulnerability in AMD processors that allows attackers to penetrate virtual work environments based on the trusted computing technologies AMD SEV-ES and AMD SEV-SNP. This is achieved by resetting data changes in the buffer memory (cache), which gives the intruders unrestricted access to the system. They have chosen CacheWarp as the name for this software-based attack method.

Read the whole article by clicking on the link on the right!

More information on CacheWarp here!