New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1-5 CPUs
"In the context of SEV-SNP, this flaw allows malicious VM [virtual machine] hosts to manipulate the guest VM's stack pointer,"
"This enables hijacking of both control and data flow, allowing an attacker to achieve remote code execution and privilege escalation inside a confidential VM."
"While SEV is designed to encrypt the memory of protected VMs and is intended to isolate them from the underlying hypervisor, the new findings from CISPA show that the safeguard can be bypassed without reading the VM's plaintext memory by instead targeting a microarchitectural optimization called stack engine, responsible for accelerated stack operations."
"AMD, which is tracking the vulnerability as CVE-2025-29943 (CVSS v4 score: 4.6), characterized it as a medium-severity, improper access control bug that could allow an admin-privileged attacker to alter the configuration of the CPU pipeline, causing the stack pointer to be corrupted inside an SEV-SNP guest."
StackWarp is a hardware vulnerability that lets a privileged (malicious or compromised) host corrupt the stack pointer of an SEV-SNP protected guest, enabling both control-flow and data-flow hijacking. The attack targets a microarchitectural optimization called the stack engine, which accelerates stack operations; by manipulating it, the host bypasses SEV's isolation guarantee without ever reading the guest's plaintext memory. Exploitation can yield remote code execution and privilege escalation inside a confidential virtual machine. AMD tracks the issue as CVE-2025-29943 (CVSS v4 score 4.6, medium severity) and describes it as an improper access control vulnerability that requires an admin-privileged attacker on the host; it affects the Zen 1 through Zen 5 EPYC product families.
Read at The Hacker News