Application Development, Potential Risk of CVE

AMD response to research about ‘GhostFetch’ (21-10-2025)

Leave a comment

Official Revision Date: 17-10-2025

Preface: SEV-SNP is a security technology for confidential computing that encrypts virtual machine memory. SEV-SNP protects memory contents and integrity, and its security model does not depend on the cache indexing method.

Background: While SEV-SNP provides strong memory encryption and integrity protections, it does not offer built-in hardware protections specifically for PIPT cachesagainst all forms of side-channel attacks. However, AMD has introduced optional mitigations and best practices to reduce exposure:

  • SEV-SNP includes optional features to mitigate indirect branch predictor poisoning, which is a form of side-channel attack. This helps protect against speculative execution vulnerabilities like Spectre.
  • SEV-ES and SEV-SNP encrypt CPU register states during VM exits, preventing leakage of sensitive data through register inspection.
  • The Reverse Map Table (RMP) ensures that only the owner of a memory page can write to it. This prevents memory aliasing and replay attacks, which could otherwise be exploited via cache-based side channels.
  • SEV-SNP uses Page Validation to ensure that guest pages map to only one physical memory page at a time, reducing the risk of inconsistent memory views that could be exploited.

Vulnerability details: Researchers have shared with AMD a paper titled “GhostFetch: Uncovering and Exploiting the Physical-Address-Indexed Prefetcher to Break AMD SEV-SNP” which describes a prefetcher-based hardware side channel attack.

In their paper the researchers describe a method of using shared prefetcher state to determine whether the virtual address of a load matches the expected address, or whether a load access pattern matches an expected stride.  Either check requires multiple runs but potentially results in loss of confidentiality if the targeted code has either a secret dependent branch or a load access pattern that is secret dependent.

AMD’s response:

AMD believes that the researchers have not identified any AMD prefetchers that have not already been disclosed in the Software Optimization Guide and did not identify any new security implications with AMD prefetchers.

Official announcement: Please see the link for details –

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7047.html

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.