Data Centers Alert: AMD Addresses SEV-SNP Vulnerabilities in EPYC Processors

AMD Vulnerability - CVE-2024-21980

AMD has released a security bulletin addressing three potential vulnerabilities in its Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP) technology. Discovered by a researcher, these vulnerabilities could allow a malicious hypervisor controlled by the host system to read or corrupt the memory of a guest VM, posing significant risks to data integrity and confidentiality. The vulnerabilities, identified as CVE-2024-21978, CVE-2024-21980, and CVE-2023-31355, have varying severity levels, with two rated as medium and one as high.

SEV-SNP is a security feature designed to protect virtual machines (VMs) from malicious attacks by encrypting their memory. However, these vulnerabilities highlight that even advanced security measures can have weaknesses. The vulnerabilities stem from improper input validation and restriction of write operations in the SEV-SNP firmware, potentially allowing a malicious hypervisor to gain unauthorized access to or corrupt a guest VM’s memory.

CVE CVSS3.1 Base Score CVE Description
CVE-2024-21978 6.0 (Medium)

AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

Improper input validation in SEV-SNP could allow a malicious hypervisor to read or overwrite guest memory potentially leading to data leakage or data corruption.
CVE-2024-21980 7.9 (High)

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Improper restriction of write operations in SNP firmware could allow a malicious hypervisor to overwrite a guest’s memory or UMC seed potentially resulting in loss of confidentiality and integrity.
CVE-2023-31355 6.0 (Medium)

AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

 

Improper restriction of write operations in SEV-SNP firmware could allow a malicious hypervisor to overwrite a guest’s UMC seed potentially allowing reading of memory from a decommissioned guest.

The impact of these vulnerabilities is significant, as they could enable attackers to steal sensitive data, manipulate VM operations, or even cause a denial of service. The affected products include AMD’s 3rd Gen EPYC Processors (Milan) and 4th Gen EPYC Processors (Genoa), both widely used in data centers and embedded systems.

To mitigate these risks, AMD strongly recommends that users update their systems to the latest Platform Initialization (PI) firmware versions specified in the advisory. In some cases, additional mitigation options, such as microcode or other patches, may be available.

For detailed information on the firmware updates and mitigation strategies, users should refer to the official AMD security bulletin and follow the provided guidelines.

Related Posts: