CVE-2024-21944: Undermining Integrity Features of SEV-SNP with Memory Aliasing

Preface: The Serial Presence Detect function is implemented using a 2048 bit EEPROM component. This nonvolatile storage device contains data programmed by the DIMM manufacturer that identifies the module type and various SDRAM organization and timing parameters.

EEPROM stands for Electrically Erasable Programmable Read-Only Memory. It’s a type of non-volatile memory used in computers and other electronic devices to store critical data that remains intact even when power is off.

Background: AMD SEV-SNP is a confidential computing hardware technology present in AMD EPYC processors from generation 3 and newer. It is based on hardware virtualization extensions and achieves isolation by adding these measures: Full memory encryption.

SEV-SNP is supported on AMD EYPC processors starting with the AMD EPYC 7003 series processors. AMD SEV-SNP offers powerful and flexible support for the isolation of a guest virtual machine from an untrusted host operating system. It is very useful in public cloud and any untrusted host scenario.

Vulnerability details: Improper input validation for DIMM serial presence detect (SPD) metadata could allow an attacker with physical access, ring0 access on a system with a non-compliant DIMM, or control over the Root of Trust for BIOS update, to potentially overwrite guest memory resulting in loss of guest data integrity.

Remark: AMD recommends utilizing memory modules that lock Serial Presence Detect (SPD), as well as following physical system security best practices.

Official announcement: Please refer to the link for details – https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3015.html

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.