AMD has warned customers about two vulnerabilities in its SEV (Secure Encrypted Virtualization) technology implemented to protect virtual machines from malicious operating systems. Both vulnerabilities allow attackers to inject malicious code into SEV-protected virtual machines and take full control of the operating system.

Attacks with the SEVerity (CVE-2020-12967) and undeSErVed (CVE-2021-26311) vulnerabilities impact AMD CPUs protected by not only SEV, but also SEV-ES (Secure Encrypted Virtualization-Encrypted State), an improved version of the technology released in 2017.

The vulnerabilities impact all AMD EPYC processors, including first-, second-, and third-gen EPYC processors and EPYC embedded processors commonly used in data center servers. According to the manufacturer, companies using AMD processors to deploy employee/customer virtualization environments should activate SEV-SNP (Secure Encrypted Virtualization-Secure Nested Paging), the latest version of SEV technology launched in 2020.

Since SEV-SNP is only supported on 3rd Gen AMD EPYC processors, the manufacturer recommends that customers using earlier CPU generations follow security best practices and avoid compromising the host OS running the SEV-protected virtual machine.

Source: securitylab.ru