AMD EPYC server chipsets are supposed to provide a high level of security, but a German team has managed to gain control through a hypervisor exploit.
A team of German researchers have found a serious security flaw in AMD's EPYC datacenter processors that enables them to extract plain text data from VMs.
EPYC chips, which are mainly used in datacenter environments, are designed to automatically encrypt virtual machines (VMs) while in memory. The method EPYC chips use to do so is called Secure Encrypted Virtualization (SEV), and it keeps each VM in a different encrypted address space. SEV-encrypted data can only be decrypted as it's leaving memory for the CPU and is automatically encrypted again when put back into memory.
It shouldn't be possible for a VM to be decrypted by anything but the CPU of an EPYC chip--that means hypervisor, malware, and other services running on a server should all be locked out.
The German research team found that to not be the case, however, finding a serious flaw in SEV which they've dubbed SEVered.
SEVered VM security: How it failed and what's at risk
The German team claims it has demonstrated proof-of-concept of SEVered, which it said is "an attack from a malicious hypervisor capable of extracting the full contents of main memory in plaintext from SEV-encrypted virtual machines."
The security implications of this are serious for cloud providers and users--it means an attacker that manages to gain access to an EPYC VM server could extract any data they want, all without ever having to gain physical access.
To understand how the exploit works it's necessary to understand how the EPYC SEV obfuscates and encrypts data. When data from a VM leaves the EPYC CPU and heads back to memory it's encrypted and sent to a physical address space that is also encrypted and tied to the key stored in the CPU.
SEV essentially scrambles physical memory space and breaks VMs up into chunks, and only the server's hypervisor knows the physical mapping. The hypervisor doesn't know, however, which mapping spaces match up with which VMs--it's only told by the CPU what to grab, not where it belongs, as explained in the paper: "The HV remains responsible for the Second Level Address Translation (SLAT), meaning that it maintains the VM's GPA to Host Physical Address (HPA) mapping in main memory."
Knowing that, the researchers were able to map out part of the VMs by asking the CPU to retrieve certain data using a compromised hypervisor. "We first identify the encrypted pages in memory corresponding to the resource, which the service returns as a response to a specific request," the paper said.
After knowing what maps to where, the researchers used the compromised hypervisor to re-map the VM information stored in memory. "By repeatedly sending requests for the same resource to the service while re-mapping the identified memory pages, we extract all the VM's memory in plaintext."
The team also said "the only major requirement for our method is the presence of a service in the VM, which provides a resource to the outside," such as a web server. Using only that to gain access to the hypervisor an attacker could steal as much encrypted VM data as they wanted.
SEE: Web server configuration and management policy (Tech Pro Research)
The Register said that AMD has yet to issue a statement on SEVered, so there's no way of knowing how it will react to this newly discovered flaw. Regardless, it may not be a bad idea to ask your cloud provider (or check your own servers) to find out if any of your services rely on EPYC CPUs.
That's not to say there aren't things AMD could do to fix the problem, the researchers said.
One potential, albeit expensive, solution would be to replicate Intel SGX, which the researchers said offers "a full-featured integrity and freshness protection of guest-pages additional to the encryption." It would likely have a high silicon cost, the researchers said, due to what would be needed to protect full VMs instead of just SGX enclaves.
The only other solution, which would be cheaper, would be "to securely combine the hash of the page's content with the guest-assigned [physical address]."
Until AMD fixes the issue, cloud users should be wary of VM security, and providers should take extra steps to ensure a web service isn't used to infiltrate their systems.
The big takeaways for tech leaders:
- AMD EPYC datacenter CPUs, which are supposed to provide secure, encrypted space for VMs, have been found to have a flaw allowing an attacker to remotely steal VM data in plain text.
- Cloud VM users and operators should take the time to ensure the integrity of their VMs and make sure web services, which are used to trigger the attack, are secure.
- Special report: The future of Everything as a Service (free PDF) (TechRepublic)
- Microsoft Windows, Apple macOS, Linux, BSD: All hit by same 'serious' security flaw (ZDNet)
- 10 new VM escape vulnerabilities discovered in VirtualBox (TechRepublic)
- Hypervisors: The cloud's potential security Achilles heel (ZDNet)
- Hypervisor or containers: Which solution is right for you? (TechRepublic)