Novel Ahoi attacks could compromise confidential VMs
Confidential virtual machines could be breached through two different types of novel Ahoi attacks, reports SecurityWeek.
The first technique, dubbed “Heckler,” targets hardware-based trusted execution environments running on Intel’s Trust Domain Extensions and AMD’s Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) technologies, using malicious hypervisors to facilitate authentication evasion and root access, according to the ETH Zurich researchers who discovered the attacks.
AMD believes the issue stems from the Linux implementation of SEV-SNP. It was confirmed not to impact Microsoft Azure or Amazon Web Services’ EC2. However, AWS will be issuing kernel fixes for Amazon Linux, which has been impacted by the issue.
The second attack, dubbed “WeSee,” impacts only AMD SEV-SNP-based confidential virtual machines. It exploits a special interrupt to enable sensitive data exfiltration, kernel data corruption, and the opening of a root shell.