Researchers from CISPA Helmholtz Center for Information Security have discovered a new software-based fault attack named CacheWarp that breaks the integrity guarantees of AMD's Secure Encrypted Virtualization (SEV) technology.
SEV is an extension designed to protect the confidentiality and integrity of virtual machines (VMs) running on untrusted hypervisors.
The new attack dubbed CacheWarp (CVE-2023-20592) is effective against both SEV-ES and the latest SEV-SNP versions, which AMD previously claimed prevents all integrity attacks.
CacheWarp exploits the INVD instruction to selectively invalidate modified cache lines without writing them back to memory first. This allows the hypervisor to architecturally revert changes to previous stale states at precise points during VM execution.
Researchers introduced two techniques called Dropforge and TimeWarp to generically alter program behavior using CacheWarp.
TimeWarp redirects the control flow by dropping the implicit push of a return address, effectively jumping back to a previous call site.
"For the timewarp, we can reset what the computer has memorized as the next step. This makes the computer execute code that it executed before because it reads an outdated so-called return address from memory. The computer thus travels back in time. However, the old code is executed with new data (the return value of another function), which leads to unexpected effects. We use this method to bypass OpenSSH authentication, logging in without knowing the password."
Dropforge lets attackers modify function parameters and outputs by dropping writes.
"Another method, called "Dropforge," lets the attacker reset changes of guest VMs made to data. With one or multiple drops, the attacker can manipulate the logic flow of guest execution in an exploitable way. Take the `sudo` binary as an example, a return value is stored in the memory (stack) so that the attacker can reset it to an initial value. However, the initial value "0" gives us administrator privilege even when we are not."
The researchers demonstrated CacheWarp in three real-world case studies. First, they performed a Bellcore attack to fully extract the private RSA key from the Intel IPP crypto library within 10 seconds on average.
Second, they broke the password authentication of OpenSSH servers without knowing the credentials, gaining code execution inside SEV VMs. Third, they escalated privileges to root in the victim VM by exploiting the sudo binary.
According to the researchers, CacheWarp highlights a memory coherence problem that is difficult to mitigate purely in software. They implemented a proof-of-concept compiler mitigation to abort execution if a dropped write is detected. However, they recommend fixes in hardware and firmware, such as restricting the INVD instruction or automatically writing back modified cache lines on VM interrupts.
AMD acknowledged the vulnerability and will release microcode updates for AMD EPYC Milan CPUs to mitigate CacheWarp in SEV-SNP.
The CacheWarp attack shows that despite gradual improvements like SEV-SNP, fundamental flaws remain in AMD's SEV design allowing practical integrity violations. While confidentiality attacks were already demonstrated against SEV-SNP, this new attack also breaks integrity guarantees.
The ease of compromising critical applications like crypto libraries, SSH servers, and setuid binaries underscores the urgent need for robust hardware-based virtualization security measures in the cloud. With providers like AWS and Azure supporting SEV-based offerings, enterprises must weigh the risks before trusting SEV for secure cloud workloads.
Google security researcher has discovered another CPU vulnerability affecting Intel CPUs. The vulnerability named Reptar (CVE-2023-23583), is a high-severity flaw that impacts its desktop, mobile, and server CPUs.
Successful exploitation of the vulnerability could also permit a bypass of the CPU's security boundaries, according to Google Cloud, describing it as an issue stemming from how redundant prefixes are interpreted by the processor.