Cybersecurity

Cyber: New Stackwarp Hardware Flaw Breaks Amd Sev-snp Protections On Zen...

2026-01-19 0 views admin
Cyber: New Stackwarp Hardware Flaw Breaks Amd Sev-snp Protections On Zen...

A team of academics from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors.

The security flaw, codenamed StackWarp, can allow bad actors with privileged control over a host server to run malicious code within confidential virtual machines (CVMs), undermining the integrity guarantees provided by AMD Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). It impacts AMD Zen 1 through Zen 5 processors.

"In the context of SEV-SNP, this flaw allows malicious VM [virtual machine] hosts to manipulate the guest VM's stack pointer," researchers Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, and Michael Schwarz said. "This enables hijacking of both control and data flow, allowing an attacker to achieve remote code execution and privilege escalation inside a confidential VM."

AMD, which is tracking the vulnerability as CVE-2025-29943 (CVSS v4 score: 4.6), characterized it as a medium-severity, improper access control bug that could allow an admin-privileged attacker to alter the configuration of the CPU pipeline, causing the stack pointer to be corrupted inside an SEV-SNP guest.

While SEV is designed to encrypt the memory of protected VMs and is intended to isolate them from the underlying hypervisor, the new findings from CISPA show that the safeguard can be bypassed without reading the VM's plaintext memory by instead targeting a microarchitectural optimization called stack engine, responsible for accelerated stack operations.

"The vulnerability can be exploited via a previously undocumented control bit on the hypervisor side," Zhang said in a statement shared with The Hacker News. "An attacker running a hyperthread in parallel with the target VM can use this to manipulate the position of the stack pointer inside the protected VM."

This, in turn, enables redirection of program flow or manipulation of sensitive data. The StackWarp attack can be used to expose secrets from SEV-secured environments and compromise VMs hosted on AMD-powered cloud environments. Specifically, it can be exploited to recover an RSA-2048 private key from a single faulty signature, effectively getting around OpenSSH password authentication and sudo's password prompt, and attain kernel-mode code execution in a VM.

The chipmaker released microcode updates for the vulnerability in July and October 2025, with AGESA patches for EPYC Embedded 8004 and 9004 Series Processor

Source: The Hacker News

🏷️ Tags

securityhackvulnerabilitycveattack

More from Cybersecurity

Cyber: Hacker Admits To Leaking Stolen Supreme Court Data On Instagram

Cyber: Hacker Admits To Leaking Stolen Supreme Court Data On Instagram

2026-01-19 0
Cyber: Jordanian Pleads Guilty To Selling Access To 50 Corporate Networks

Cyber: Jordanian Pleads Guilty To Selling Access To 50 Corporate Networks

2026-01-19 0
Cyber: Ingram Micro Says Ransomware Attack Affected 42,000 People 2026

Cyber: Ingram Micro Says Ransomware Attack Affected 42,000 People 2026

2026-01-19 0
Cyber: ⚡ Weekly Recap: Fortinet Exploits, Redline Clipjack, Ntlm Crack,...

Cyber: ⚡ Weekly Recap: Fortinet Exploits, Redline Clipjack, Ntlm Crack,...

2026-01-19 0

Trending

1

Tech: Go-legacy-winxp: Compile Golang 1.24 code for Windows XP

2026-01-15 • 4457 views
2

Tech: Data is the only moat

2026-01-15 • 4133 views
3

Tech: Pocket TTS: A high quality TTS that gives your CPU a voice

2026-01-15 • 3239 views
4

Tech: AWS European Sovereign Cloud

2026-01-15 • 2741 views
5

Tech: JuiceFS is a distributed POSIX file system built on top of Redis and S3

2026-01-15 • 2719 views