CacheWarp : A new Flaw in AMD’s SEV Let Attackers Hijack Encrypted Virtual Machines

CacheWarp is a new software-based fault attack that allows attackers to gain access to encrypted virtual machines (VMs) and escalate privileges on AMD’s Secure Encrypted Virtualization-Encrypted State (SEV-ES) and Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) technologies.

The underlying vulnerability tracked as CVE-2023-20592 with Medium severity was uncovered by researchers from the CISPA Helmholtz Center for Information Security in Germany, the Graz University of Technology in Austria, and independent researcher Youheng Lu discovered CacheWarp.

Researchers claim that the CacheWarp attack method enables malicious attackers to escalate privileges, take over control flow, and break an encrypted virtual machine.

“CacheWarp is a software-based fault injection attack on SEV VMs. It allows the hypervisor to revert data modifications of the VM on a single-store granularity, leading to an old (stale) view of memory for the VM”, researchers said.

AMD Secure Encrypted Virtualization (SEV) is a CPU extension that allows for more secure virtual machines (VMs) isolation from the underlying hypervisor. AMD SEV enables developers to deploy virtual machines securely in an untrusted hypervisor environment.

To create an isolated execution environment, SEV-SNP, which features Secure Nested Paging (SNP), offers robust memory integrity security to assist against malicious hypervisor-based attacks, including data replay, memory re-mapping, and more.

The security experts have given video demonstrations on CacheWarp bypassing OpenSSH authentication and Sudo Authentication.

INVD Instruction Lead to a Loss of SEV-ES and SEV-SNP

AMD has detected a potential vulnerability with the INVD instruction that could result in a loss of memory integrity for SEV-ES and SEV-SNP guest virtual machines (VMs). The microcode update addresses the vulnerability that has been provided.

“Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity,” AMD said.

Affected Products

  • 1st Gen AMD EPYC™ Processors (SEV and SEV-ES)
  • 2nd Gen AMD EPYC™ Processors (SEV and SEV-ES)
  • 3rd Gen AMD EPYC™ Processors (SEV, SEV-ES, SEV-SNP)


For customers that have the AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) feature active, AMD has supplied a hot-loadable microcode patch and updated the firmware image for AMD 3rd generation EPYC™ processors (“Zen 3” microarchitecture, formerly codenamed “Milan”).  The patch should not affect performance.

Patch Manager Plus, the one-stop solution for automated updates of over 850 third-party applications: Try Free Trial.

Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.