CVE-2025-29943: CPU-caused stack corruption issue caused by flipping an undocumented MSR bit (19th Jan 2026)

Initial publication: 2026-01-15

Preface: CVE-2025-29943 allows disabling AES-NI at runtime, forcing mbedTLS to fall back to a vulnerable software AES implementation. In SGX enclaves, this enables cache-timing attacks to recover AES keys.

Attack Prerequisites:

  • Privileged access inside the VM (root or equivalent).
  • Ability to manipulate CPU feature bits or configuration.

Background: An SGX enclave (Software Guard eXtensions) is a secure, isolated area within a computer’s processor and memory, creating a Trusted Execution Environment (TEE) for running sensitive code and data, protected even from the OS, hypervisor, or BIOS.

A specific undocumented bit can disable AES-NI at runtime, forcing the AES portion of mbedTLS to “fall back” to a software implementation that is vulnerable to cache-timing attacks. By forcing this “fallback” on an SGX enclave, an attacker can fully recover the AES key the enclave uses. The vulnerability therefore allows an attacker to extract (recover) the existing secret key.
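The defensive lesson of the paragraph above is that a crypto library should not silently degrade from AES-NI to a cache-leaking software AES. The following is an added example written for this page; it is not code from the advisory, from AMD, or from the mbedTLS project. It probes the AES-NI feature bit (CPUID leaf 1, ECX bit 25) and applies a fail-closed policy: run on hardware AES, or refuse unless the operator has explicitly accepted a software path. The function names, the `allow_sw_fallback` switch and the baseline/current re-check are assumptions made for this illustration.

```c
/* Added example (not from the advisory or the mbedTLS project): fail-closed
 * selection of an AES backend.  If AES-NI is switched off, a library that
 * quietly drops to a table-based software AES exposes its key through the
 * cache.  The policy below refuses to run in that state unless a
 * constant-time software fallback has been explicitly permitted. */
#include <stdbool.h>
#include <stdio.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#endif

/* CPUID.01H:ECX bit 25 advertises AES-NI (architectural, documented bit). */
#define CPUID_ECX_AESNI (1u << 25)

/* Outcome of backend selection (hypothetical enum for this example). */
typedef enum {
    AES_BACKEND_AESNI = 0,    /* hardware AES-NI usable */
    AES_BACKEND_SOFTWARE = 1, /* software path explicitly permitted */
    AES_BACKEND_REFUSE = 2    /* no hardware AES and fallback not permitted */
} aes_backend_t;

/* Probe the AES-NI feature bit right now.  Returns false on non-x86 builds
 * or if CPUID leaf 1 is unavailable. */
bool aesni_present_now(void)
{
#if defined(__x86_64__) || defined(__i386__)
    unsigned int eax = 0, ebx = 0, ecx = 0, edx = 0;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return false;
    return (ecx & CPUID_ECX_AESNI) != 0;
#else
    return false;
#endif
}

/* Pure policy: decide the backend from the observed feature bit.
 * The default (allow_sw_fallback == false) fails closed. */
aes_backend_t select_aes_backend(bool aesni_present, bool allow_sw_fallback)
{
    if (aesni_present)
        return AES_BACKEND_AESNI;
    return allow_sw_fallback ? AES_BACKEND_SOFTWARE : AES_BACKEND_REFUSE;
}

/* Because the page describes the bit being flipped at runtime, a single
 * start-up probe is not enough.  Compare a baseline probe (e.g. taken at
 * initialisation) with a fresh probe taken just before a key is used;
 * proceed only if AES-NI was present both times. */
bool safe_to_use_key(bool baseline_present, bool current_present)
{
    return baseline_present && current_present;
}

int main(void)
{
    bool baseline = aesni_present_now();
    aes_backend_t backend = select_aes_backend(baseline, /*allow_sw_fallback=*/false);

    printf("AES-NI present at start: %s\n", baseline ? "yes" : "no");
    switch (backend) {
    case AES_BACKEND_AESNI:
        printf("backend: AES-NI\n");
        break;
    case AES_BACKEND_SOFTWARE:
        printf("backend: software AES (explicitly permitted)\n");
        break;
    case AES_BACKEND_REFUSE:
        printf("refusing to start: no hardware AES and fallback not permitted\n");
        return 1;
    }

    /* Re-probe immediately before the first key operation. */
    if (!safe_to_use_key(baseline, aesni_present_now())) {
        printf("AES-NI changed since start-up; aborting key use\n");
        return 1;
    }
    printf("AES-NI still present; key use permitted\n");
    return 0;
}
```

Two caveats apply when this idea is carried into an enclave. CPUID cannot be executed directly inside an SGX enclave, so the probe has to be delegated to untrusted code and the "yes" it returns is not itself trustworthy; the value of the policy is that the trusted side can refuse to use a key when the answer is "no" or changes, not that it can prove hardware AES is in use. Second, the re-check narrows but does not close the window between probe and use; pairing it with a constant-time software implementation (rather than a table-based one) as the only permitted fallback is the stronger mitigation.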

Ref: The stack pointer (SP) inside an SEV-SNP guest is a critical CPU register, protected by SEV-SNP’s memory encryption and integrity features. Recent attacks such as StackWarp and CacheWarp exploit microarchitectural side channels (often involving hyperthreading or cache timing) to infer or manipulate the SP and other sensitive state. By observing how memory and cache contents change during execution, they can potentially bypass SEV-SNP’s protections, allowing an attacker to hijack control flow or leak data.

Vulnerability details: CVE-2025-29943: Improper access control within AMD CPUs may allow an admin-privileged attacker to modify the configuration of the CPU pipeline, potentially resulting in the corruption of the stack pointer inside an SEV-SNP guest.

Remark:

  • Privileged accounts are not immune to compromise (e.g., insider threats, privilege escalation).
  • Cloud or virtualized environments often assume strong isolation, but if an attacker gains root/admin inside the VM, they can exploit this vulnerability.
  • The vulnerability affects cryptographic integrity and confidentiality, which is critical for SGX and secure workloads.

Reminder: It’s not a remote exploit, but local privileged exploits are still considered medium-risk (4.6) because:

  • They can lead to full compromise of sensitive data.
  • They break the security guarantees of SGX and SEV environments.

Official announcement: Please refer to the link for details.

https://www.amd.com/en/resources/product-security/bulletin/amd-sb-3027.html
