Full Report
Fix landed in July, but OEM firmware updates are required If you use virtual machines, there's reason to feel less-than-Zen about AMD's CPUs. Computer scientists affiliated with the CISPA Helmholtz Center for Information Security in Germany have found a vulnerability in AMD CPUs that exposes secrets in its secure virtualization environment.…
Analysis Summary
# Vulnerability: StackWarp - AMD SEV-SNP Integrity Bypass via Stack Engine Manipulation
## CVE Details
- CVE ID: CVE-2025-29943
- CVSS Score: [Not explicitly stated, reported as "low severity" by AMD]
- CWE: [Not explicitly stated]
## Affected Systems
- Products: AMD CPUs (Zen architecture) utilizing AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP)
- Versions: Not specified, but applicable when Simultaneous Multithreading (SMT) is enabled.
- Configurations: Requires the target workload to be running inside an AMD SEV-SNP protected Guest VM, with SMT enabled on the host CPU.
## Vulnerability Description
The vulnerability, dubbed "StackWarp," is a microarchitectural flaw in the CPU's stack engine mechanism designed to accelerate stack operations on AMD Zen CPUs. CISPA researchers discovered that by flipping an undocumented control bit (bit 19 of MSR 0xC0011029) on the hypervisor side, an attacker sharing a physical core with a target SEV-SNP guest VM can break the synchronization between logical sibling cores. This manipulation "freezes" the accumulated stack-pointer delta while subsequent stores commit, allowing the attacker to corrupt the synchronized sibling thread's control and data flow within the protected guest. This effectively breaks the integrity guarantees provided by SEV-SNP.
## Exploitation
- Status: PoC available
- Complexity: Medium (Requires hypervisor-level control over system state and knowledge of the undocumented MSR)
- Attack Vector: Local (Requires execution on a sibling thread sharing the same physical core as the target VM)
### Impact
- Confidentiality: High (Demonstrated recovery of RSA-2048 private keys)
- Integrity: High (Demonstrated bypass of OpenSSH and `sudo` password authentication, and ability to obtain ring 0 code execution by modifying the kernel stack)
- Availability: Low (The attack focuses on information disclosure and control flow hijacking, not denial of service)
## Remediation
### Patches
- AMD made patches available in **July 2025**.
- **Crucially, the fix requires OEM firmware/microcode updates** to be functional, suggesting the ultimate remediation is dependent on hardware/firmware implementation correcting the MSR behavior or disabling the exploitable path.
### Workarounds
- The primary suggestion implies that **disabling Simultaneous Multithreading (SMT)** undermines the ability for the exploit to succeed, as SMT is a prerequisite for the sibling core interaction necessary for the attack.
## Detection
- Indicators of compromise involve unauthorized access to encrypted VM secrets (keys), unexpected privilege escalations within a VM, or credential compromise within a CVM environment.
- Detection methods would likely involve hardware performance counters or specialized monitoring looking for suspicious access patterns to the undocumented MSR or unusual stack pointer manipulation within privileged execution contexts.
## References
- [CISPA StackWarp Information Page](https: //cispa.de/en/stackwarp)
- [CISPA StackWarp Research Paper](https: //cispa.de/news/2026/stackwarp-final.pdf)
- [GitHub Proof-of-Concept Code](https: //github.com/cispa/StackWarp)