CVE-2023-20592: New vulnerability affects AMD CPUs
Recently, researchers from AMD and the Graz University of Technology in Austria disclosed a new vulnerability named “CacheWarp,” tracked under the identifier “CVE-2023-20592”. This vulnerability affects the first three generations of AMD’s EPYC server processors, namely the Naples, Rome, and Milan product lines.
As reported by ComputerBase, Secure Encrypted Virtualization (SEV) is a unique security feature of the EPYC series server processors. It aims to enhance the security of virtual machines by encrypting each VM’s memory with a key. Ironically, it is this security feature that makes the “CacheWarp” attack feasible. While Secure Encrypted Virtualization technology has been exploited in the past, “CacheWarp” poses a more significant challenge as it does not require physical access to the host.
The CVE-2023-20592 vulnerability is triggered by using the INVD instruction to discard the processor’s cache contents, which leaves outdated data behind in system memory. The processor then reads that data from memory, assuming it is fresh when it is not. The critical data being read is a verification value, which must be zero for successful verification. Entering the correct key is supposed to be the only way to turn this value to zero, but it turns out that the initial value is also zero, creating a significant security loophole.
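To make the mechanism concrete, the following added example (written for this article, not code from the researchers or from AMD) models a write-back cache in front of plain memory, contrasts INVD-style invalidation with WBINVD-style write-back, and shows why a verification value whose default is zero fails open. The class and function names, addresses and sentinel values are constructed for illustration only.

```python
from dataclasses import dataclass, field

@dataclass
class WriteBackCache:
    """Toy write-back cache: lines hold (value, dirty); memory is the backing store."""
    memory: dict = field(default_factory=dict)   # address -> value, zero-initialised
    lines: dict = field(default_factory=dict)    # address -> (value, dirty)

    def read(self, addr):
        if addr in self.lines:
            return self.lines[addr][0]
        val = self.memory.get(addr, 0)            # miss: fetch from memory
        self.lines[addr] = (val, False)
        return val

    def write(self, addr, val):
        self.lines[addr] = (val, True)            # write stays dirty in the cache

    def wbinvd(self):
        """WBINVD semantics: write dirty lines back to memory, then drop all lines."""
        for addr, (val, dirty) in self.lines.items():
            if dirty:
                self.memory[addr] = val
        self.lines.clear()

    def invd(self):
        """INVD semantics: drop all lines without write-back; dirty data is lost."""
        self.lines.clear()

AUTH_FLAG = 0x100   # constructed address of the guest's "verification value"

def login_fail_open(cache, key, flush):
    """Constructed guest logic as described above: 0 means 'verified'.
    A wrong key writes a nonzero failure code; a correct key writes 0."""
    cache.write(AUTH_FLAG, 0 if key == "correct-key" else 1)
    flush(cache)                                  # cache.wbinvd or cache.invd
    return cache.read(AUTH_FLAG) == 0             # stale zero from memory passes

UNVERIFIED, VERIFIED = 0xDEAD, 0xBEEF   # constructed sentinels; 0 is never "valid"

def login_fail_closed(cache, key, flush):
    """Same flow with a fail-closed design: only an explicit VERIFIED value
    grants access, so a dropped write reverts to 'denied', not 'granted'."""
    cache.write(AUTH_FLAG, VERIFIED if key == "correct-key" else UNVERIFIED)
    flush(cache)
    return cache.read(AUTH_FLAG) == VERIFIED
```

The fail-closed variant only removes the zero-default loophole in the guest's own check; the stale-cache behaviour itself is what AMD's microcode update addresses.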
Although the first three generations of AMD’s EPYC server processors are affected, only the third generation has received a new microcode patch for the “CacheWarp” vulnerability. AMD stated in a release that the first and second generations of EPYC server processors do not require patching, as “SEV and SEV-ES features are not intended for protection.” Additionally, AMD assures that, unlike many such patches, enabling the new one will not impact performance.