PRESS-NEWS.org - Press Release Distribution
PRESS RELEASES DISTRIBUTION

New CPU vulnerability makes virtual machine environments vulnerable

Researchers at TU Graz and the Helmholtz Centre for Information Security have identified a security vulnerability that could allow data on virtual machines with AMD processors to fall under the control of attackers

New CPU vulnerability makes virtual machine environments vulnerable
2023-11-14
(Press-News.org) In the area of cloud computing, i.e. on-demand access to IT resources via the internet, so-called trusted execution environments (TEEs) play a major role. They are designed to ensure that the data on the virtual work environments (virtual machines) is secure and cannot be manipulated or stolen. Researchers at the CISPA Helmholtz Centre for Information Security and Graz University of Technology (TU Graz) have now discovered a security vulnerability in AMD processors that allows attackers to penetrate virtual work environments based on the trusted computing technologies AMD SEV-ES and AMD SEV-SNP. This is achieved by resetting data changes in the buffer memory (cache), which gives the intruders unrestricted access to the system. They have chosen CacheWarp as the name for this software-based attack method.

CacheWarp turns back time in memory AMD Secure Encrypted Virtualisation (SEV) is a processor extension that provides secure separation between virtual machines and the underlying software, known as the hypervisor, for managing the required resources. AMD SEV encrypts the data on the virtual machine for this purpose. CacheWarp can be used to undo data modifications in this working environment and fool the system into believing it has an outdated status. This is problematic, for example, if a variable determines whether a user is successfully authenticated or not. Successful authentication is usually marked with “0”, which is, however, the same value with which the variable is initialised. If a potential attacker enters an incorrect password, the variable is overwritten with a value not equal to “0”. However, CacheWarp can be used to reset this variable to its initial status when it indicated successful authentication. This allows an attacker to establish an already authenticated session.

This is made possible by an unexpected interaction between CPU instructions and AMD-SEV, through which the cache can be reset to its old state. Once the attacker has gained access in this way, they can subsequently gain the full access rights of an administrator to the data in the virtual machine. During their tests, the researchers were able to take all the data located there, modify it and spread from the virtual machine further into the user’s infrastructure. They first bypassed the secure login and then overcame the barrier between normal user and administrator.

AMD provides update As is usual in such cases, the researchers informed the manufacturer concerned, in this case AMD, about the security vulnerability in advance so that it could take the necessary measures before the research results are published. AMD has identified CacheWarp under the identifier CVE-2023-20592 and is providing a microcode update that fixes the vulnerability. The manufacturer has published further information on this in the AMD Security Bulletin.

“Research in the field of microarchitectural attacks is fascinating because it very often reveals just how complex our modern computer systems have become,” says Andreas Kogler from the Institute of Applied Information Processing and Communications (IAIK) at TU Graz. “It’s amazing how the interplay of several factors makes it possible to extract or change data from such systems. Our work on CacheWarp shows how an attacker can make write accesses to the memory of the affected processors virtually forgotten. You can think of it like older USB sticks. If you overwrote a document there, but removed the stick before the end of the writing process, you could find parts of the old version instead of the new one the next time you plugged in and read the document.”

The research team led by Michael Schwarz from the CISPA Helmholtz Centre for Information Security has created its own website (cachewarpattack.com) to provide information on CacheWarp. The scientific paper entitled “CacheWarp: Software-based fault injection using selective state reset” is available on the site and has already been accepted for the “USENIX Security” conference 2024. The authors are: Ruiyi Zhang, Lukas Gerlach, Daniel Weber, Lorenz Hetterich, Michael Schwarz (all CISPA Helmholtz Centre for Information Security), Andreas Kogler (TU Graz) and Youheng Lü (independent).

This research is anchored in the Field of Expertise "Information, Communication & Computing", one of five strategic foci of TU Graz.

END

[Attachments] See images for this press release:
New CPU vulnerability makes virtual machine environments vulnerable New CPU vulnerability makes virtual machine environments vulnerable 2

ELSE PRESS RELEASES FROM THIS DATE:

Peer educators play key role in new recipe development and testing

2023-11-14
Philadelphia, November 14, 2023 – Cooking and recipe demonstrations encourage healthy eating and adoption of unfamiliar foods by class participants. The research brief shared in the Journal of Nutrition Education and Behavior, published by Elsevier, demonstrates that valuable input by peer educators can be obtained through a hybrid home-use testing method. The process of recipe development involves sensory evaluation about the appearance, aroma, taste, texture, and flavor of the food. Although a controlled laboratory setting is the gold standard for evaluation because of consistent preparation and presentation of food, bringing peer educators to a ...

Advances and challenges in gene therapy for rare diseases

Advances and challenges in gene therapy for rare diseases
2023-11-14
New Rochelle, NY, November 13, 2023—A new review article in the peer-reviewed journal Human Gene Therapy summarizes the significant milestones in the development of gene therapy medicinal products that have facilitated the treatment of a significant number of rare diseases. The article also describes the challenges in the progress of gene therapy for rare diseases. Click here to read the article now. Juan Bueren, from Centro de Investigaciones Energéticas Medioambientalies y Tecnológicas (CIEMAT), ...

What factors influence PrEP prescribing behavior in health care providers?

2023-11-14
HIV pre-exposure prophylaxis (PrEP), a daily dose of two medications meant to prevent HIV infection in high-risk people, has changed public health dramatically in recent years. Yet, adolescents and young adults, one high-risk group, have shown slower uptake in using this prevention method. Despite accounting for around 20 percent of new HIV infections, adolescents and young adults between the ages of 13 and 24 are still largely not being prescribed PrEP. Research has described physician intentions to prescribe PrEP to at-risk young people, but no studies until now have focused on factors that may affect actual prescribing of this evidence-based ...

ASCE establishes Dan M. Frangopol Medal for Life-Cycle Civil Engineering of Civil Structures

ASCE establishes Dan M. Frangopol Medal for Life-Cycle Civil Engineering of Civil Structures
2023-11-14
The American Society of Civil Engineers (ASCE) recently instituted the Dan M. Frangopol Medal for Life-Cycle Engineering of Civil Structures in recognition of the Lehigh Engineering professor’s contributions as a pioneering researcher and educator and leading authority in the fields of life-cycle civil engineering and life-cycle cost optimization. The award pays tribute to Frangopol, the inaugural Fazlur R. Khan Endowed Chair of Structural Engineering and Architecture in the Department of Civil and Environmental Engineering ...

Webb Telescope’s Marcia Rieke awarded Catherine Wolfe Bruce Gold Medal

Webb Telescope’s Marcia Rieke awarded Catherine Wolfe Bruce Gold Medal
2023-11-14
Dr. Marcia Rieke, principal investigator for the Near-Infrared Camera on NASA’s James Webb Space Telescope is the Astronomical Society of the Pacific’s (ASP) 2023 recipient of its most prestigious award. ASP’s Catherine Wolfe Bruce Gold Medal honors Rieke, a Regents Professor of astronomy and Elizabeth Roemer Endowed Chair, Steward Observatory, at the University of Arizona. Rieke’s award and achievements was recognized at the ASP Awards Gala on Saturday, Nov. 11, in Redwood City, California. Groundbreaking Contributions Rieke’s research has focused on infrared observations of ...

Galactic ‘lightsabers’: Answering longstanding questions about jets from black holes

Galactic ‘lightsabers’: Answering longstanding questions about jets from black holes
2023-11-14
The one thing everyone knows about black holes is that absolutely everything nearby gets sucked into them. Almost everything, it turns out. “Even though black holes are defined as objects from which nothing can escape, one of the astonishing predictions of Einstein’s theory of relativity is that black holes can actually lose energy,” says astrophysicist Eliot Quataert, Princeton’s Charles A. Young Professor of Astronomy on the Class of 1897 Foundation. “They ...

Researchers identify unexpected twist while developing new polymer-based semiconductors

Researchers identify unexpected twist while developing new polymer-based semiconductors
2023-11-14
CHAMPAIGN, Ill. — A new study led by chemists at the University of Illinois Urbana-Champaign brings fresh insight into the development of semiconductor materials that can do things their traditional silicon counterparts cannot – harness the power of chirality, a non-superimposable mirror image. Chirality is one of nature’s strategies used to build complexity into structures, with the DNA double helix perhaps being the most recognized example – two molecule chains connected by a molecular “backbone” ...

Immigrants living in the U.S. have fewer preterm births

2023-11-14
Preterm birth predicts lifelong health outcomes Worsening preterm birth rates in the U.S. represent a ‘key metric to target to improve overall societal health’ Study identifies key differences among Asian and Hispanic subgroups Minority stress could contribute to inequities that begin at birth between populations in the U.S. CHICAGO --- Preterm birth rates are an important marker in assessing a country’s overall health. And the United States isn’t fairing very well. Individuals born in the U.S. had an overall higher rate (9.7%) of giving birth prematurely compared to U.S. immigrants (9%), a new Northwestern Medicine ...

When we see what others do, our brain sees not what we see, but what we expect

When we see what others do, our brain sees not what we see, but what we expect
2023-11-14
When we see what others do, our brain sees not what we see, but what we expect When we engage in social interactions, like shaking hands or having a conversation, our observation of other people’s actions is crucial. But what exactly happens in our brain during this process: how do the different brain regions talk to each other? Researchers at the Netherlands Institute for Neuroscience provide an intriguing answer: our perception of what others do depends more on what we expect to happen than previously believed.  For some time, researchers have been trying to understand how our brains process other people’s ...

Great results with emergency care adapted for pregnant women

Great results with emergency care adapted for pregnant women
2023-11-14
Increased vigilance for high blood pressure and diffuse stomach pain. These are some of the characteristics of emergency care adapted for pregnant women and new mothers. The model, which could become clinical routine throughout Sweden, is described in a thesis at the University of Gothenburg. The aim of the thesis was to reduce morbidity and mortality among pregnant women and new mothers seeking emergency care. Sweden has relatively low rates of pregnancy-related morbidity and mortality, but pregnant women and new mothers do not currently receive ...

LAST 30 PRESS RELEASES:

Being consistently physically active in adulthood linked to 30–40% lower risk of death

Nerve pain drug gabapentin linked to increased dementia, cognitive impairment risks

Children’s social care involvement common to nearly third of UK mums who died during perinatal period

‘Support, not judgement’: Study explores links between children’s social care involvement and maternal deaths

Ethnic minority and poorer children more likely to die in intensive care

Major progress in fertility preservation after treatment for cancer of the lymphatic system

Fewer complications after additional ultrasound in pregnant women who feel less fetal movement

Environmental impact of common pesticides seriously underestimated

The Milky Way could be teeming with more satellite galaxies than previously thought

New study reveals surprising reproductive secrets of a cricket-hunting parasitoid fly

Media Tip Sheet: Symposia at ESA2025

NSF CAREER Award will power UVA engineer’s research to improve drug purification

Tiny parasitoid flies show how early-life competition shapes adult success

New coating for glass promises energy-saving windows

Green spaces boost children’s cognitive skills and strengthen family well-being

Ancient trees dying faster than expected in Eastern Oregon

Study findings help hone precision of proven CVD risk tool

Most patients with advanced melanoma who received pre-surgical immunotherapy remain alive and disease free four years later

Introducing BioEmu: A generative AI Model that enables high-speed and accurate prediction of protein structural ensembles

Replacing mutated microglia with healthy microglia halts progression of genetic neurological disease in mice and humans

New research shows how tropical plants manage rival insect tenants by giving them separate ‘flats’

Condo-style living helps keep the peace inside these ant plants

Climate change action could dramatically limit rising UK heatwave deaths

Annual heat-related deaths projected to increase significantly due to climate and population change

Researchers discover new way cells protect themselves from damage

Rivers choose their path based on erosion — a discovery that could transform flood planning and restoration

New discovery reveals dopamine operates with surgical precision, not as a broad signal

New AI tool gives a helping hand to x ray diagnosis

New Leicester study reveals hidden heart risks in women with Type 2 Diabetes

Over 400 different types of nerve cell have been grown – far more than ever before

[Press-News.org] New CPU vulnerability makes virtual machine environments vulnerable
Researchers at TU Graz and the Helmholtz Centre for Information Security have identified a security vulnerability that could allow data on virtual machines with AMD processors to fall under the control of attackers