Date: 2023-11-14

Researchers from Graz University of Technology and AMD have recently unveiled a concerning vulnerability in AMD CPUs known as CacheWarp. The vulnerability, tracked as CVE-2023-20592, specifically affects the Secure Encrypted Virtualization (SEV) feature in EPYC server CPUs. While SEV is designed to enhance the security of virtual machines by encrypting their memory, it ironically opens the door to CacheWarp attacks, rendering EPYC CPUs vulnerable.

Unlike previous instances of SEV exploitation, the CacheWarp vulnerability has one critical characteristic: it does not require physical access to the targeted computer. Exploiting CacheWarp involves wiping the CPU’s cache with the INVD instruction. Because the wiped cache contents are not written back, system memory (RAM) is left holding outdated data. When the CPU subsequently reads this data from RAM, it assumes that it is up to date and authentic.

The security-relevant data that the CPU reads during this process is the authentication value, which must be 0 for authentication to succeed. Normally, the only way to obtain this value is by entering the correct passkey. However, CacheWarp takes advantage of the fact that the initial value for authentication is also 0, effectively sending the CPU back in time, which is an exploitable security hole.
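
The stale-read effect described above, as a toy Python model added here for illustration (it is not code from the researchers or AMD). The cache class, the address `AUTH` and the `run_login` helper are hypothetical, and WBINVD (write back, then invalidate) appears only as the contrast to INVD.

```python
# Toy model, constructed for illustration: a write-back cache in front of RAM.
# It does not execute INVD and does not model SEV or a real cache hierarchy.

class WriteBackCache:
    def __init__(self, ram):
        self.ram = ram        # backing memory: address -> value
        self.lines = {}       # cached lines: address -> (value, dirty)

    def read(self, addr):
        if addr not in self.lines:                 # miss: fill the line from RAM
            self.lines[addr] = (self.ram[addr], False)
        return self.lines[addr][0]

    def write(self, addr, value):
        self.lines[addr] = (value, True)           # RAM is updated only on write-back

    def invalidate(self, write_back):
        """write_back=True models WBINVD, write_back=False models INVD."""
        if write_back:
            for addr, (value, dirty) in self.lines.items():
                if dirty:
                    self.ram[addr] = value
        self.lines.clear()                         # without write-back, dirty data is lost


AUTH = 0x1000                  # hypothetical address of the authentication value
AUTH_OK, AUTH_FAIL = 0, 1      # 0 means success, as in the article


def run_login(supplied, expected, flush=None):
    """Return True if the final read of AUTH says 'authenticated'.

    flush: None (no cache flush), "wbinvd" or "invd", applied after the check
    has stored its result but before the result is read back.
    """
    ram = {AUTH: 0}            # initial value is 0, the same as the success value
    cache = WriteBackCache(ram)
    cache.write(AUTH, AUTH_OK if supplied == expected else AUTH_FAIL)
    if flush is not None:
        cache.invalidate(write_back=(flush == "wbinvd"))
    return cache.read(AUTH) == AUTH_OK


if __name__ == "__main__":
    for flush in (None, "wbinvd", "invd"):
        print(f"wrong passkey, flush={flush}: authenticated =",
              run_login("wrong", "secret", flush))
```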

This vulnerability affects first, second, and third generation EPYC processors. AMD has addressed the issue by releasing a microcode patch, but only for third generation Milan chips. AMD maintains that the patch will not impact performance, unlike many security patches in the past. Unlike vulnerabilities such as Spectre, CacheWarp does not rely on speculative execution, and it was patching speculative execution flaws that previously cost performance.

FAQ:

Q: What is CacheWarp?

A: CacheWarp is a newly discovered vulnerability in AMD CPUs that exploits the Secure Encrypted Virtualization (SEV) feature, rendering EPYC CPUs susceptible to attacks that do not require physical access.

Q: How does CacheWarp work?

A: CacheWarp involves wiping the CPU’s cache and retrieving outdated data from system memory or RAM. By exploiting the initial authentication value of 0, the CPU is tricked into accepting the outdated data, opening the door for potential breaches.

Q: Which CPUs are affected by CacheWarp?

A: CacheWarp impacts first, second, and third generation EPYC processors, but AMD has issued a microcode patch exclusively for third generation Milan chips.

Q: Will the microcode patch affect performance?

A: No, unlike previous security patches, AMD assures users that the CacheWarp patch will not have any performance impact. The vulnerability does not rely on speculative execution, which necessitated performance-reducing patches in the past.