Researchers have discovered a new vulnerability affecting AMD processors.

Researchers disclosed a new hardware vulnerability, dubbed StackWarp, that impacts AMD Zen 1 through Zen 5 processors and enables attackers to hijack confidential virtual machines. The attack exploits a synchronization flaw in the CPU’s stack engine, allowing malicious hosts to manipulate a guest VM’s stack pointer and gain remote code execution or escalate privileges. Demonstrated attack scenarios included recovering RSA keys, bypassing OpenSSH and sudo authentication, and obtaining kernel‑mode execution inside a protected VM. AMD has issued patches for affected EPYC processors.

Read more:

https://www.securityweek.com/new-stackwarp-attack-threatens-confidential-vms-on-amd-processors/