A team of academics from Germany’s CISPA Helmholtz Center for Information Security has revealed details of a new hardware vulnerability affecting AMD processors.
The security flaw, codenamed StackWarp, could allow a malicious attacker with privileged control over a host server to execute malicious code within a Confidential Virtual Machine (CVM), potentially compromising the integrity guarantees provided by AMD Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). Affects AMD Zen 1 to Zen 5 processors.
“In the context of SEV-SNP, this flaw allows malicious VMs to [virtual machine] Researchers Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, and Michael Schwarz said, “This allows for hijacking of both control and data flow, allowing attackers to achieve remote code execution and privilege escalation within sensitive VMs.”
AMD, which tracks the vulnerability as CVE-2025-29943 (CVSS v4 score: 4.6), characterizes the vulnerability as a medium severity improper access control bug that could allow an attacker with administrative privileges to modify the configuration of the CPU pipeline and corrupt the stack pointer within a SEV-SNP guest.
This issue affects the following product lines:
AMD EPYC 7003 Series Processors AMD EPYC 8004 Series Processors AMD EPYC 9004 Series Processors AMD EPYC 9005 Series Processors AMD EPYC Embedded 7003 Series Processors AMD EPYC Embedded 8004 Series Processors AMD EPYC Embedded 9004 Series Processors AMD EPYC Embedded 9005 Series Processors
SEV is designed to encrypt the protected VM’s memory and is intended to isolate the VM from the underlying hypervisor, but new CISPA findings show that safeguards can be bypassed without reading the VM’s plaintext memory by instead targeting a microarchitectural optimization called the stack engine that is responsible for accelerating stack operations.
“This vulnerability can be exploited via a previously undocumented control bit on the hypervisor side,” Zhang said in a statement shared with The Hacker News. “An attacker running a hyperthread in parallel with the target VM can use this to manipulate the position of the stack pointer within the protected VM.”
This allows redirection of program flow and manipulation of sensitive data. StackWarp attacks can be used to expose secrets from SEV-protected environments and compromise VMs hosted in AMD-powered cloud environments. Specifically, it can recover an RSA-2048 private key from a single flawed signature, effectively bypassing OpenSSH password authentication and sudo password prompts, and exploiting it to execute kernel-mode code in a VM.
The chipmaker is expected to release microcode updates for this vulnerability in July and October 2025, and an AGESA patch for EPYC embedded 8004 and 9004 series processors in April 2026.
This development builds on CISPA’s previous research detailing CacheWarp (CVE-2023-20592, CVSS v3 score:m 6.5), a software failure attack against AMD SEV-SNP. This allows an attacker to hijack the control flow, compromise the encrypted VM, and perform privilege escalation within the VM. It’s worth noting that both are attacks on hardware architecture.
“For operators of SEV-SNP hosts, there are specific steps to take. First, check whether hyperthreading is enabled on the affected systems. If it is, plan to temporarily disable CVM, which has particularly high integrity requirements,” said Zhang. “At the same time, you must also install any available microcode and firmware updates provided by your hardware vendor. StackWarp is another example of how subtle microarchitectural effects can undermine system-level security guarantees.”
Source link
