AMD Discloses Vulnerabilities in EPYC CPUs’ Secure Encrypted Virtualization



AMD disclosed two exploits targeting the Secure Encrypted Virtualization (SEV) feature used by its first-, second-, and third-gen EPYC processors ahead of their presentation at the 15th IEEE Workshop on Offensive Technologies (WOOT’21).


The first exploit, CVE-2020-12967, is set to be presented in a paper from researchers at Fraunhofer AISEC and the Technical University of Munich titled “SEVerity: Code Injection Attacks against Encrypted Virtual Machines.”

AMD said the researchers who discovered that flaw “make use of previously discussed research around the lack of nested page table protection in the SEV/SEV-ES feature which could potentially lead to arbitrary code execution within the guest.”

The second exploit, CVE-2021-26311, will be detailed in a paper with the interestingly capitalized title of “undeSErVed trust: Exploiting Permutation-Agnostic Remote Attestation” from researchers at the University of Lübeck.


AMD said the research showed “memory can be rearranged in the guest address space that is not detected by the attestation mechanism which could be used by a malicious hypervisor to potentially lead to arbitrary code execution within the guest.”


Even though both exploits affect three generations of EPYC processors, only third-generation models will receive a mitigation directly from AMD courtesy of the SEV-Secure Nested Paging feature described in a white paper in January 2020.

As for first- and second-gen EPYC processors: AMD said it “recommends following security best practices” to mitigate exposure to these exploits. That isn’t particularly actionable advice, but fortunately, it shouldn’t prove too hard to follow. We're following up to see if these issues will receive their own mitigations.

AMD said the “exploits mentioned in both papers require a malicious administrator to have access in order to compromise the server hypervisor.” Requiring physical access should limit the exploits’ reach—especially during a global pandemic.


 
 
 


© 2025 by PCG Zanesville, LLC.   

All rights reserved. 
