Researchers from the CISPA Helmholtz Center for Information Security, Graz University of Technology, and independent researcher Youheng Lu have discovered a vulnerability in AMD CPUs called “CacheWarp.” This vulnerability affects first- through third-generation EPYC processors, including the Naples, Rome, and Milan product lines. CacheWarp exploits weaknesses in AMD’s Secure Encrypted Virtualization (SEV) technology, specifically the SEV-ES and SEV-SNP implementations.
CacheWarp uses a software-based fault injection technique to manipulate cache memory behavior in a virtual machine (VM) protected by SEV. The injected faults go undetected and bypass integrity verification mechanisms, enabling attackers to gain escalated privileges or perform remote code execution in cloud environments. As a result, systems relying on encrypted virtualization for protection are at risk.
AMD has taken steps to address this vulnerability. It has released an update for third-generation EPYC Milan processors, including a microcode patch and updated firmware, to mitigate the issue without impacting system performance. However, no countermeasures are currently available for the first and second generations of EPYC processors due to limitations in the SEV and SEV-ES features and the absence of SEV-SNP on these older architectures. The delay in releasing the patch for the affected processors was due to standard practice in coordinated vulnerability disclosure.
The vulnerability, tracked as CVE-2023-20592, allows attackers to gain access to encrypted virtual machines (VMs) and escalate privileges. It was discovered by the aforementioned researchers. The attack method involves exploiting a potential vulnerability with the INVD instruction that could compromise memory integrity for SEV-ES and SEV-SNP guest VMs. To address this vulnerability, AMD has provided a microcode update, along with a hot-loadable microcode patch and updated firmware image, for AMD 3rd generation EPYC processors. The patch should not impact performance.