AMD EPYC flaws may lead to arbitrary code execution

May 18, 2021 10:53 GMT

AMD disclosed two vulnerabilities in its Secure Encrypted Virtualization (SEV) feature. Affected processors are first-, second-, and third-generation EPYC. The details are going to be revealed at this year's IEEE Workshop on Offensive Technologies (WOOT'21).

The first issue, CVE-2020-12967, is examined in detail in a paper titled “SEVerity: Code Injection Attacks against Encrypted Virtual Machines” by researchers from Fraunhofer AISEC and the Technical University of Munich.

According to AMD, the researchers who found the flaw “make use of previously discussed research around the lack of nested page table protection in the SEV/SEV-ES feature which could potentially lead to arbitrary code execution within the guest”.

CVE-2021-26311, the second issue, is outlined in a paper titled “undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation” from researchers at the University of Lübeck.

The flaw may lead to arbitrary code execution

AMD said the researchers showed that memory in the guest address space can be rearranged without the attestation process detecting it. This, too, could lead to arbitrary code execution within the guest.

Even though both issues affect three generations of EPYC processors, only the third-generation models will receive a direct mitigation from AMD, in the form of the SEV-SNP (Secure Nested Paging) feature outlined in a white paper from January 2020.

For first- and second-generation EPYC processors, AMD recommends adopting security best practices to reduce exposure to the attacks. That is not particularly specific guidance, but it should at least not be difficult to follow. AMD is following up to see whether the problems can be addressed separately.

Then again, keep in mind that the attacks described in both papers require a malicious administrator, one who already controls the server hypervisor. The need for that level of access should restrict the scope of the attacks, particularly during a global pandemic.

More details about both exploits are expected to be released on May 27 during WOOT'21.