Disrupting AMD SEV-SNP on Linux® With Interrupts

2024-04-0500:00:00

amd.com

www.amd.com

amd

sev-snp

linux

interrupts

vulnerability

confidentiality

integrity

hypervisor

mitigation

kernel

hardware

security

cve-2024-25742

cert/cc

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

AMD ID: AMD-SB-3008 **Potential Impact:**N/A Severity: N/A

Summary

Researchers from ETH Zurich have shared with AMD a paper titled “Heckler: Disrupting AMD SEV-SNP with Interrupts.”

In their paper, the researchers report that a malicious hypervisor can potentially break confidentiality and integrity of Linux® SEV-SNP guests by injecting interrupts.

AMD believes that this vulnerability lies in the Linux® kernel implementation of SEV-SNP and mitigations addressing some of the vulnerability issues have been upstreamed to the main Linux kernel. Please refer to upstream kernel commit IDs f35e46631b28 (“Merge tag ‘x86-int80-20231207’ of git://git.kernel.org/pub/scm/linux/kernel/git/tip/tip”) and e3ef461af35a (“x86/sev: Harden #VC instruction emulation somewhat”) "

AMD supports additional hardware security features that are designed to protect against the reported attack that are not currently supported in Linux®. The relevant features are described in AMD64 Architecture Programmer’s Manual Volume 2, Section 15.36.16.

<https://www.amd.com/content/dam/amd/en/documents/processor-tech-docs/programmer-references/24593.pdf>

Please refer to your Linux® provider for guidance.

CVE-2024-25742, CVE-2024-25743, CVE-2024-25744 has been assigned by CERT/CC.