All AMD Ryzen processors have a fatal vulnerability

A team of security researchers from Cornell University has discovered another vulnerability in modern processors. This time it concerns exclusively the AMD CPU. 

The new attack targets AMD Secure Encrypted Virtualization (SEV) technology using the AMD Secure Processor (AMD-SP) security module integrated into all Ryzen processors. 

The method requires physical access to a PC and is based on a voltage failure attack that allows an attacker to actually deploy special SEV firmware, which in turn will allow decryption of all information associated with a virtual machine (VM). The vulnerability is present on all Zen processors of any version. Interestingly, AMD previously stated that Zen 2 and Zen 3 do not have such vulnerabilities. 

The very nature of the vulnerability indicates that it will not be possible to fix it programmatically. This problem is not critical for most ordinary users due to the impossibility of remote implementation of the vulnerability, however, in a corporate environment, in some cases it can be important.  

Post a Comment