AMD SEV-SNP Protections Compromised by StackWarp Vulnerability Across Zen 1-5 Processors

A recent study by researchers at the CISPA Helmholtz Center for Information Security in Germany has unveiled a significant hardware vulnerability in AMD processors, termed StackWarp. This flaw poses a substantial risk to the integrity of confidential virtual machines (CVMs) by compromising the protections offered by AMD’s Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The vulnerability affects AMD’s Zen 1 through Zen 5 processor architectures.

Understanding the StackWarp Vulnerability

StackWarp allows attackers with elevated privileges on a host server to execute malicious code within CVMs. This is achieved by manipulating the guest virtual machine’s stack pointer, leading to potential remote code execution and privilege escalation within the CVM. The researchers—Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, and Michael Schwarz—highlighted that this manipulation enables the hijacking of both control and data flow within the virtual environment.

Technical Insights into the Exploit

The core of the StackWarp exploit lies in its ability to alter the stack pointer of a guest VM by leveraging a previously undocumented control bit accessible to the hypervisor. An attacker can run a hyperthread concurrently with the target VM, using this control bit to adjust the stack pointer’s position within the protected VM. This manipulation can redirect program execution flow or modify sensitive data, effectively breaching the security measures intended to protect the VM’s integrity.

Impacted AMD Processor Lines

The StackWarp vulnerability affects a range of AMD processors, including:

– AMD EPYC 7003 Series Processors
– AMD EPYC 8004 Series Processors
– AMD EPYC 9004 Series Processors
– AMD EPYC 9005 Series Processors
– AMD EPYC Embedded 7003 Series Processors
– AMD EPYC Embedded 8004 Series Processors
– AMD EPYC Embedded 9004 Series Processors
– AMD EPYC Embedded 9005 Series Processors

Potential Consequences of the Vulnerability

Exploitation of StackWarp can lead to severe security breaches, including:

– Exposure of Sensitive Data: Attackers can extract confidential information from SEV-secured environments.
– Compromise of Virtual Machines: VMs hosted on AMD-powered cloud platforms are at risk of being infiltrated.
– Cryptographic Key Recovery: The vulnerability can be used to recover RSA-2048 private keys from a single faulty signature, potentially bypassing authentication mechanisms like OpenSSH password authentication and sudo’s password prompts.
– Kernel-Mode Code Execution: Attackers may achieve execution of code with kernel-level privileges within a VM.

AMD’s Response and Mitigation Measures

AMD has acknowledged the StackWarp vulnerability, assigning it the identifier CVE-2025-29943 with a CVSS v4 score of 4.6, indicating medium severity. The company describes it as an improper access control issue that could allow an admin-privileged attacker to alter CPU pipeline configurations, leading to stack pointer corruption within an SEV-SNP guest.

To address this vulnerability, AMD released microcode updates in July and October 2025. AGESA patches for EPYC Embedded 8004 and 9004 Series Processors are scheduled for release in April 2026.

Recommendations for System Administrators

System administrators managing SEV-SNP hosts should take the following actions:

1. Evaluate Hyperthreading Settings: Determine if hyperthreading is enabled on affected systems. For CVMs with high integrity requirements, consider temporarily disabling hyperthreading.
2. Apply Updates Promptly: Install all available microcode and firmware updates from AMD to mitigate the vulnerability.
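
Both checks can be scripted on a Linux host. The following is an added example, not code from AMD or the researchers: it reads the kernel's SMT control state and the microcode revision reported for each logical CPU. The `MIN_UCODE` variable is a placeholder, because the fixed revision for a given CPU model has to be taken from AMD's bulletin, and the function names are this example's own.

```shell
#!/bin/sh
# Added example: checks a Linux SEV-SNP host against the two recommendations.
# Paths are overridable so the logic can be exercised on constructed fixtures.
SYSFS_CPU="${SYSFS_CPU:-/sys/devices/system/cpu}"
CPUINFO="${CPUINFO:-/proc/cpuinfo}"
# Placeholder: set to the fixed revision AMD's bulletin lists for your CPU model.
MIN_UCODE="${MIN_UCODE:-}"

# Kernel SMT control state: on, off, forceoff, notsupported or notimplemented.
smt_state() {
    if [ -r "$SYSFS_CPU/smt/control" ]; then cat "$SYSFS_CPU/smt/control"
    else echo unknown; fi
}

# Distinct microcode revisions reported across all logical CPUs.
ucode_revs() {
    awk -F': *' '/^microcode/ { print $2 }' "$CPUINFO" 2>/dev/null | sort -u
}

is_amd() { grep -q '^vendor_id.*AuthenticAMD' "$CPUINFO" 2>/dev/null; }

# True when hex revision $1 is at least hex revision $2.
ucode_ok() { [ "$(( $1 ))" -ge "$(( $2 ))" ]; }

# Prints one finding per line; returns non-zero if anything needs attention.
audit() {
    rc=0
    is_amd || { echo "SKIP not an AMD CPU"; return 0; }
    s=$(smt_state)
    case "$s" in
        on) echo "WARN smt=on (consider disabling for high-integrity CVMs)"; rc=1 ;;
        off|forceoff|notsupported) echo "OK smt=$s" ;;
        *) echo "WARN smt=$s (state could not be determined)"; rc=1 ;;
    esac
    set -- $(ucode_revs)
    [ $# -eq 0 ] && { echo "WARN no microcode revision found"; rc=1; }
    [ $# -gt 1 ] && { echo "WARN mixed microcode revisions: $*"; rc=1; }
    for r in "$@"; do
        if [ -z "$MIN_UCODE" ]; then
            echo "INFO microcode=$r (set MIN_UCODE to compare)"
        elif ucode_ok "$r" "$MIN_UCODE"; then echo "OK microcode=$r"
        else echo "WARN microcode=$r is below $MIN_UCODE"; rc=1; fi
    done
    return $rc
}

audit || echo "host needs attention before running high-integrity CVMs"
```

A mixed-revision warning usually means a microcode update was loaded on only some cores, so the host should be rechecked after the next reboot.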

Contextualizing StackWarp Within Broader Security Concerns

The discovery of StackWarp builds upon previous research by CISPA, notably the CacheWarp attack (CVE-2023-20592), which also targeted AMD’s SEV-SNP technology. Both StackWarp and CacheWarp are hardware architectural attacks that exploit microarchitectural optimizations to bypass security measures.

These findings underscore the ongoing challenges in securing virtualized environments and the importance of continuous vigilance and prompt response to emerging threats.

Conclusion

The StackWarp vulnerability represents a significant challenge to the security of AMD’s SEV-SNP technology across multiple processor generations. By understanding the nature of this flaw and implementing recommended mitigation strategies, system administrators can better protect their virtualized environments from potential exploitation.