Some AMD EPYC server CPUs have a serious security flaw, so patch now

The flaw, dubbed CacheWarp, is tracked as CVE-2023-20592 and at press time didn’t have a severity score.

Microcode and firmware updates

"In 3 case studies, we demonstrate an attack on RSA in the Intel IPP crypto library, recovering the entire private key, logging into an OpenSSH server without authentication, and escalating privileges to root via the sudo binary,” the researchers said in the paper.

Soon after the paper was published, AMD released a security advisory acknowledging the flaw. It said CacheWarp was found in the INVD instruction, which could result in the loss of memory integrity of SEV-ES and SEV-SNP guest virtual machines.

"Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity," AMD said.

While EPYC Processors generations 1-3 were affected, it’s just the third generation that is getting a fix. This fix is a hot-loadable microcode patch and an updated firmware image. Users are advised to address the issue immediately. AMD says the patch will not affect the devices’ performance.

Via BleepingComputer

More from TechRadar Pro

• AMD has fixed its latest security flaw - but at the cost of massive slowdowns
• Here's a list of the best cloud hosting services today
• These are the best endpoint security tools right now