
Encrypted virtual machines at risk of novel CacheWarp attack

Threat actors could compromise encrypted virtual machines and escalate privileges through the new CacheWarp attack, which exploits a vulnerability in AMD's Secure Encrypted Virtualization technology tracked as CVE-2023-20592, according to The Hacker News. While AMD's SEV-SNP technology, which integrates Secure Nested Paging, includes robust memory integrity defenses, CacheWarp could bypass such protections by abusing the INVD instruction, which is used to remove cache content within a processor, a report from CISPA Helmholtz Center for Information Security and Graz University of Technology researchers revealed.

"The instruction 'INVD' drops all the modified content in the cache without writing them back to the memory. Hence, the attacker can drop any writes of guest VMs and the VM continues with architecturally stale data," said researcher Ruiyi Zhang. Zhang added that two attack primitives could allow unlimited VM access: timewarp, which enables code execution prior to recognizing an outdated return address from memory, and dropforge, which resets data changes in guest VMs.
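The stale-data effect described in the quote can be reproduced in a toy model of a write-back cache. This is an added example, not code from the researchers or AMD; the sizes and function names are assumptions, and it models only cache write-back behaviour, not SEV-SNP itself.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LINES 4  /* toy size (assumption); addresses must be < LINES */

struct line { int valid, dirty; uint32_t data; };
static uint32_t dram[LINES];        /* backing memory */
static struct line cache[LINES];    /* one cache line per address */

/* Write-back policy: a store lands in the cache only and marks the line dirty. */
static void mem_write(uint32_t addr, uint32_t v) {
    cache[addr].valid = 1; cache[addr].dirty = 1; cache[addr].data = v;
}

/* A read hits the cache if the line is valid, otherwise refills from DRAM. */
static uint32_t mem_read(uint32_t addr) {
    if (!cache[addr].valid) {
        cache[addr].valid = 1; cache[addr].dirty = 0; cache[addr].data = dram[addr];
    }
    return cache[addr].data;
}

/* write_back = 1 models a flush-then-invalidate (WBINVD-like);
 * write_back = 0 models discarding dirty lines (INVD-like). */
static void invalidate(int write_back) {
    for (int i = 0; i < LINES; i++) {
        if (write_back && cache[i].valid && cache[i].dirty)
            dram[i] = cache[i].data;          /* modified data reaches memory */
        cache[i].valid = cache[i].dirty = 0;  /* line is gone either way */
    }
}

/* Returns what a later read sees after new_val was stored over old_val. */
static uint32_t store_then_invalidate(uint32_t old_val, uint32_t new_val, int write_back) {
    memset(cache, 0, sizeof cache);
    dram[0] = old_val;
    mem_write(0, new_val);
    invalidate(write_back);
    return mem_read(0);
}

int main(void) {
    printf("flush then invalidate: %u\n", (unsigned)store_then_invalidate(1, 2, 1));
    printf("invalidate only:       %u\n", (unsigned)store_then_invalidate(1, 2, 0));
    return 0;
}
```

In the invalidate-only case the store never reaches memory, so the later read returns the old value: the "architecturally stale data" the quote refers to.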
