
New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs

A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors.

The security flaw, codenamed StackWarp, can allow attackers with privileged control over a host server (that is, a malicious or compromised hypervisor, precisely the party SEV-SNP is designed to keep outside the guest's trust boundary) to run malicious code inside confidential virtual machines (CVMs), undermining the integrity guarantees provided by AMD Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). It affects AMD Zen 1 through Zen 5 processors.

“In the context of SEV-SNP, this flaw allows malicious VM [virtual machine] hosts to manipulate the guest VM’s stack pointer,” researchers Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, and Michael Schwarz said. “This enables hijacking of both control and data flow, allowing an attacker to achieve remote code execution and privilege escalation inside a confidential VM.”


AMD, which is tracking the vulnerability as CVE-2025-29943 (CVSS v4 score: 4.6), characterized it as a medium-severity improper access control bug that could allow an admin-privileged attacker to modify the configuration of the CPU pipeline, causing the stack pointer to be corrupted inside an SEV-SNP guest.


The issue affects the following product lines. Although the underlying microarchitectural behavior spans Zen 1 through Zen 5, the list starts with the Zen 3-based EPYC 7003 series, the first generation on which SEV-SNP is offered:

  • AMD EPYC 7003 Series Processors
  • AMD EPYC 8004 Series Processors
  • AMD EPYC 9004 Series Processors
  • AMD EPYC 9005 Series Processors
  • AMD EPYC Embedded 7003 Series Processors
  • AMD EPYC Embedded 8004 Series Processors
  • AMD EPYC Embedded 9004 Series Processors
  • AMD EPYC Embedded 9005 Series Processors

While SEV is designed to encrypt the memory of protected VMs and is meant to isolate them from the underlying hypervisor, the new findings from CISPA show that the safeguard can be bypassed without reading the VM’s plaintext memory at all, by instead targeting a microarchitectural optimization called the stack engine. The stack engine speeds up stack operations by tracking the stack-pointer adjustments made by push, pop, call, and ret in the front end, so the guest's view of RSP depends on hardware state the hypervisor can reach without ever touching encrypted memory.

“The vulnerability can be exploited via a previously undocumented control bit on the hypervisor side,” Zhang said in a statement shared with The Hacker News. “An attacker running a hyperthread in parallel with the target VM can use this to manipulate the position of the stack pointer inside the protected VM.”


This, in turn, allows redirection of program flow or manipulation of sensitive data. The StackWarp attack can be used to expose secrets from SEV-protected environments and compromise VMs hosted on AMD-powered cloud environments. Specifically, it can be exploited to recover an RSA-2048 private key from a single faulty signature, effectively bypass OpenSSH password authentication and sudo’s password prompt, and achieve kernel-mode code execution inside a VM.
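The claim that one faulty signature is enough is worth seeing in working code. The following is an added example, not code from the CISPA paper, AMD, or any of the targeted software: it implements the classic Bellcore (Boneh-DeMillo-Lipton) attack on CRT-RSA, which is the standard way a single corrupted signature yields the private key. It assumes the signer computes the signature CRT-style, as OpenSSL does, and it injects the fault by flipping a bit in one half-exponentiation; that is a stand-in for any fault landing in that computation, not a model of how StackWarp's stack-pointer corruption actually does it. The key is a constructed 512-bit toy key and the message is a constructed value; the mathematics is identical for RSA-2048.

```python
from math import gcd
import random


def is_probable_prime(n, rng, rounds=16):
    """Miller-Rabin primality test; sufficient for a demonstration key."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        a = rng.randrange(2, n - 1)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits, rng):
    while True:
        cand = rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand, rng):
            return cand


def keygen(bits=512, seed=1):
    """Constructed toy CRT-RSA key; the attack does not depend on key size."""
    rng = random.Random(seed)
    e = 65537
    while True:
        p, q = random_prime(bits // 2, rng), random_prime(bits // 2, rng)
        if p != q and gcd(e, (p - 1) * (q - 1)) == 1:
            break
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"n": n, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p)}


def crt_sign(key, m, fault_sp=False):
    """s = m^d mod n via two half-size exponentiations and Garner's
    recombination. With fault_sp the p-half is corrupted before recombination,
    a stand-in for any fault in that step (not StackWarp's exact mechanism)."""
    sp = pow(m, key["dp"], key["p"])
    sq = pow(m, key["dq"], key["q"])
    if fault_sp:
        sp ^= 1
    h = (key["qinv"] * (sp - sq)) % key["p"]
    return sq + h * key["q"]


def verify(n, e, m, s):
    return pow(s, e, n) == m


def recover_private_key(n, e, m, faulty_sig):
    """Bellcore attack: a fault confined to the p-half leaves s'^e == m (mod q)
    intact but breaks it mod p, so gcd(s'^e - m, n) is q. Only the public key,
    the message and the one faulty signature are needed."""
    q = gcd((pow(faulty_sig, e, n) - m) % n, n)
    if q in (1, n):
        return None  # signature was correct, or the fault hit both halves
    p = n // q
    d = pow(e, -1, (p - 1) * (q - 1))
    return {"p": min(p, q), "q": max(p, q), "d": d}


if __name__ == "__main__":
    key = keygen(seed=7)
    m = 0x123456789ABC  # constructed stand-in for a message digest
    good, bad = crt_sign(key, m), crt_sign(key, m, fault_sp=True)
    print("correct signature verifies:", verify(key["n"], key["e"], m, good))
    print("faulty signature verifies:", verify(key["n"], key["e"], m, bad))
    rec = recover_private_key(key["n"], key["e"], m, bad)
    print("recovered d matches real d:", rec["d"] == key["d"])
```

The defence the attack motivates is the one OpenSSL added long ago for this reason: verify every CRT signature against the public key before releasing it, and fall back to a non-CRT computation (or refuse to sign) when the check fails. A fault that corrupts the signer's stack pointer can also bypass that check, which is why the researchers treat StackWarp as a host-configuration and microcode problem rather than something the guest's software can fully mitigate on its own.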


The chipmaker released microcode updates for the vulnerability in July and October 2025, with AGESA patches for EPYC Embedded 8004 and 9004 Series Processors scheduled for release in April 2026.

The development builds upon a prior study from CISPA that detailed CacheWarp (CVE-2023-20592, CVSS v3 score: 6.5), a software-based fault attack on AMD SEV-SNP that enables attackers to hijack control flow, break into encrypted VMs, and perform privilege escalation inside the VM. It is worth noting that both are hardware-level attacks rooted in the processor's microarchitecture rather than in any bug in the guest's software, which is why they are addressed with microcode and firmware updates and host configuration changes rather than with patches to the guest.


“For operators of SEV-SNP hosts, there are concrete steps to take: First, check whether hyperthreading is enabled on the affected systems. If it is, plan a temporary disablement for CVMs that have particularly high integrity requirements,” Zhang said. “At the same time, any available microcode and firmware updates from the hardware vendors should be installed. StackWarp is another example of how subtle microarchitectural effects can undermine system-level security guarantees.”
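As an added example (not a script from the CISPA researchers or AMD), the following POSIX shell snippet gathers the host-side facts those steps depend on: whether SMT is enabled, whether the kvm_amd module reports SEV-SNP host support, and which microcode revisions the cores are running, so a partially applied update stands out. It reads the standard Linux sysfs and procfs locations; the SYSFS_ROOT and PROC_ROOT variables are introduced here only so the functions can be pointed at a constructed directory tree. The kvm_amd sev_snp parameter is assumed to be present only on kernels with SNP host support; on anything else the script reports "unknown" rather than guessing.

```sh
#!/bin/sh
# Added example: inventory SMT state, SNP host support and microcode revisions
# on an AMD SEV-SNP host. Not from the CISPA paper or AMD's advisory.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"
PROC_ROOT="${PROC_ROOT:-/proc}"

# Prints the kernel's SMT control state (on, off, forceoff, notsupported,
# notimplemented) or "unknown" if the control file is absent.
smt_state() {
    f="$1/devices/system/cpu/smt/control"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Prints Y/N from kvm_amd's sev_snp parameter (assumed present only on kernels
# with SNP host support) or "unknown" when the parameter file does not exist.
snp_host_enabled() {
    f="$1/module/kvm_amd/parameters/sev_snp"
    if [ -r "$f" ]; then cat "$f"; else echo unknown; fi
}

# Prints the distinct microcode revisions listed in cpuinfo, one per line.
# More than one line means some cores run a different revision than others.
microcode_revisions() {
    f="$1/cpuinfo"
    [ -r "$f" ] || { echo unknown; return; }
    awk -F': ' '/^microcode/ { print $2 }' "$f" | sort -u
}

# Returns 0 when no sibling hyperthread can run alongside a CVM's vCPUs,
# 1 when SMT is still on (or its state cannot be determined).
cvm_smt_ok() {
    case "$(smt_state "$1")" in
        off|forceoff|notsupported|notimplemented) return 0 ;;
        *) return 1 ;;
    esac
}

report() {
    echo "SMT control      : $(smt_state "$SYSFS_ROOT")"
    echo "kvm_amd sev_snp  : $(snp_host_enabled "$SYSFS_ROOT")"
    echo "microcode rev(s) : $(microcode_revisions "$PROC_ROOT" | tr '\n' ' ')"
    if cvm_smt_ok "$SYSFS_ROOT"; then
        echo "SMT is off: no co-resident hyperthread is available to an attacker on this host"
    else
        echo "SMT is on or unknown: for high-integrity CVMs run 'echo off > /sys/devices/system/cpu/smt/control' or boot with nosmt"
    fi
}

report
```

The SMT control file can be written at runtime by root, so the temporary disablement the researchers suggest does not require a reboot; the nosmt kernel parameter makes it persistent. Microcode revisions should be compared against the version AMD lists in its advisory for the host's EPYC family, which this script deliberately does not hard-code.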
