CVE-2020-12967
AMD Secure Encrypted Virtualization
In short
AMD's SEV/SEV-ES encryption feature lacks proper protection for nested page tables, allowing a malicious server administrator to run arbitrary code inside encrypted virtual machines. This undermines the security guarantee that VMs should be isolated from the hypervisor.
Technical detail
CVE-2020-12967 affects AMD SEV/SEV-ES by failing to protect nested page table (NPT) structures, enabling a hypervisor-level threat actor to inject code into guest VMs despite encryption. The attack requires administrator access to the hypervisor and compromises guest VM integrity and confidentiality through memory manipulation.
Summary generated and translated by AI from the official description.
The lack of nested page table protection in the AMD SEV/SEV-ES feature could potentially lead to arbitrary code execution within the guest VM if a malicious administrator has access to compromise the server hypervisor.
Affected products
AMD · SEV/SEV-ESWant to know if your infrastructure is exposed to this?
Talk to TrueHacking →