Posted on Sunday, May 27 2018 @ 22:43 CEST by Thomas De Maesschalck
German security researchers discovered a method that can be used to leak data from virtual machines on a server with the AMD EPYC series. The "SEVered" attack abuses the AMD Secure Encrypted Virtualization (SEV) feature to extract all memory of a virtual machine in plaintext. Full details
at The Register.
However, a technique dubbed SEVered can, it is claimed, be used by a rogue host-level administrator, or malware within a hypervisor, or similar, to bypass SEV protections and copy information out of a customer or user's virtual machine.
The problem, said Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, is that miscreants at the host level can alter a guest's physical memory mappings, using standard page tables, so that the SEV mechanism fails to properly isolate and scramble parts of the VM in RAM.
