A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors.
Dubbed StackWarp, the issue has been found to impact AMD Zen 1 through Zen 5 processors, enabling an attacker to hack confidential virtual machines (CVMs).
The researchers described StackWarp as a software-based architectural attack that “exploits a synchronization failure within the stack engine that manages stack pointer updates within the CPU frontend”.
Exploitation of the vulnerability allows a malicious VM host to manipulate the guest VM’s stack pointer to hijack control and data flows, enabling remote code execution and privilege escalation inside CVMs.
The CISPA researchers have demonstrated the impact of the attack in several attack scenarios, including reconstructing an RSA-2048 private key, circumventing OpenSSH password authentication, bypassing Sudo’s password prompt, and achieving kernel-mode code execution in a VM.
Conducting all these attacks typically requires privileged control over the host server running the CVMs. Attacks could be launched by rogue employees of a cloud provider or a sophisticated threat actor that has gained access to the provider’s systems.
While the chances of such an attack being carried out in the wild are small, the StackWarp attack shows that AMD’s SEV-SNP, which is designed to encrypt VM memory to protect it even against the cloud provider, can be undermined without the attacker ever seeing decrypted memory.
“These findings reveal that CVM execution integrity—the very protection SEV-SNP aims to provide—can be effectively broken: Confidential keys and passwords can be stolen, attackers can impersonate legitimate users or gain persistent control of the system, and isolation between guest VMs and the host or other VMs can no longer be relied upon,” the researchers said.
AMD has been informed about the vulnerability and published an advisory on Thursday. The chip giant has assigned the flaw a low severity rating and told SecurityWeek that patches have been available for the impacted server (EPYC) products since July 2025.
The CVE identifier CVE-2025-29943 has been assigned to the StackWarp vulnerability.
The researchers have set up a dedicated website for StackWarp, and a paper with the full technical details has also been published. Videos showing the attack in action are also available.
