Several German researchers have shown a proof-of-concept attack indicating that virtual machines using AMD’s Secure Encrypted Virtualization (SEV) are susceptible to being hacked.
The attack methodology, dubbed SEVered, works by targeting, accessing and gaining control of the web-based communication system that is running on the virtual machine. It does this by gaining control of the hypervisor (HV) managing the virtual machine and instructing it to gather and return in plaintext the data stored in the virtual machine’s memory, said the researchers from the firm Fraunhofer AISEC.
SEV is an AMD hardware component designed to protect virtual machine memory from malicious cyberthreats and even physical attackers through encryption, but the researchers have found a way a malicious HV. A hypervisor is software, firmware or hardware that creates and runs virtual machines.
The researchers based SEVered on the observation that the page-wise encryption of main memory lacks integrity protection. While the virtual memory’s Guest Virtual Address (GVA) to Guest Physical Address (GPA) translation is controlled by the virtual machine itself and is invisible to the HV, the HV remains responsible for the Second Level Address Translation (SLAT).
“Meaning that it maintains the VM’s GPA to Host Physical Address (HPA) mapping in main memory. This enables us to change the memory layout of the VM in the HV. We use this capability to trick a service in the VM, such as a web server, into returning arbitrary pages of the VM in plaintext upon the request of a resource from outside,” the report stated.
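The effect of the missing integrity protection can be seen in a toy model of the two translation stages. This is an added example, not code from the researchers or AMD: the cipher, addresses and page contents are constructed, and the `verify` tag is a hypothetical integrity check included to show what such protection would catch, not an existing SEV feature.

```python
import hashlib
import hmac

PAGE = 32                       # toy page size in bytes
VM_KEY = b"constructed-vm-key"  # stands in for the per-VM memory encryption key

def page_cipher(data: bytes, hpa: int) -> bytes:
    """Toy XOR cipher tweaked by host physical address (not real SEV crypto)."""
    stream = hashlib.sha256(VM_KEY + hpa.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

class ToyVM:
    def __init__(self):
        self.guest_pt = {0x1000: 0xA000, 0x2000: 0xB000}  # GVA -> GPA, guest-controlled
        self.slat = {0xA000: 0x50000, 0xB000: 0x60000}    # GPA -> HPA, HV-controlled
        self.host_mem = {}   # HPA -> ciphertext, which is all the HV can read
        self.tags = {}       # hypothetical per-GPA tags, assumed out of the HV's reach

    def _tag(self, gpa: int, plain: bytes) -> bytes:
        return hmac.new(VM_KEY, gpa.to_bytes(8, "big") + plain, hashlib.sha256).digest()

    def write(self, gva: int, data: bytes) -> None:
        gpa = self.guest_pt[gva]
        plain = data.ljust(PAGE, b"\0")
        self.host_mem[self.slat[gpa]] = page_cipher(plain, self.slat[gpa])
        self.tags[gpa] = self._tag(gpa, plain)

    def read(self, gva: int, verify: bool = False) -> bytes:
        gpa = self.guest_pt[gva]
        hpa = self.slat[gpa]                      # the guest cannot see this step
        plain = page_cipher(self.host_mem[hpa], hpa)
        if verify and not hmac.compare_digest(self.tags[gpa], self._tag(gpa, plain)):
            raise ValueError(f"integrity failure: GPA {gpa:#x} is backed by the wrong page")
        return plain.rstrip(b"\0")

def run_model():
    vm = ToyVM()
    vm.write(0x1000, b"<html>index</html>")        # page the web service hands out
    vm.write(0x2000, b"constructed-secret-value")  # page never meant to leave the VM
    before = vm.read(0x1000)
    hv_sees_plaintext = b"constructed-secret-value" in vm.host_mem[0x60000]
    vm.slat[0xA000] = vm.slat[0xB000]              # HV edits only its own SLAT entry
    after = vm.read(0x1000)                        # service reads the same GVA as before
    try:
        vm.read(0x1000, verify=True)
        detected = False
    except ValueError:
        detected = True
    return before, hv_sees_plaintext, after, detected

if __name__ == "__main__":
    print(run_model())
```

The hypervisor never decrypts anything itself in this model; the guest's own read path does, which is why encryption without a binding between GPA and page contents does not stop the remapping.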
While there is no mitigation that can be undertaken at this time, the attack itself would be difficult to pull off, and Threatpost reported that AMD has been notified of the issue.