AMD CPU users beware - this security flaw could spill all your secrets

News
By published

New AMD CPU flaw highlights the risk of running multiple VMs

An Artistic Rendering Of An AMD Zen Microprocessor
(Image credit: AMD)
  • CISPA researchers uncover AMD CPU flaw “StackWarp” breaking confidential VM protections
  • Vulnerability enables RCE, privilege escalation, and theft of private keys in Zen processors
  • AMD released patch (CVE-2025-29943), rated low severity, requiring host-level access to exploit

A newly discovered vulnerability in AMD chips allows malicious actors to perform remote code execution (RCE) and privilege escalation in virtual machines.

Cybersecurity researchers from the CISPA Helmholtz Center for Information Security in Germany detailed a vulnerability they named StackWarp, a hardware vulnerability in AMD CPUs that breaks the protections of confidential virtual machines, by manipulating how the processor tracks the stack, and letting a malicious insider or hypervisor change program flow or read sensitive data inside a protected VM.

As a result, malicious actors can recover private keys, and run code with high privileges, even though the VM’s memory was supposed to be secure.

Silver lining

StackWarp was said to impact AMD Zen processors, 1 through 5, with the researchers demonstrating the impact in multiple scenarios. In one instance, they were able to reconstruct an RSE-2048 private key, while in another - bypassed OpenSSH password authentication.

The silver lining in the report is the fact that the malicious actor first needs privileged control over the host server running the virtual machines. That means the vulnerability can be exploited by either malicious insiders, cloud providers, or highly sophisticated threat actors with prior access.

This significantly shrinks the number of potential attackers, but it still highlights how AMD’s SEV-SNP, designed to encrypt VM memory, can be weakened and compromised.

“These findings demonstrate that CVM execution integrity—the very defense SEV-SNP aims to offer—can be effectively broken: Confidential keys and passwords can be stolen, attackers can impersonate legitimate users or gain persistent control of the system, and isolation between guest VMs and the host or other VMs can no longer be relied upon,” it was said in the report.

AMD acknowledged the findings and has released a patch, which the bug now tracked as CVE-2025-29943 and was given a low severity score (3.2/10).

Via The Register

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

TOPICS
Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.