CacheWarp: Dropping one write to take over AMD-SEV
On 2023-11-14 the CISPA Helmholtz Center for Information Security published a new attack on AMD-SEV called CacheWarp (CVE-2023-20592), of which I am one of the original authors. This attack allows a malicious hypervisor to drop memory writes on an encrypted VM using the invd instruction. Due to the difficulty of the setup, a feasible attack should drop memory only once to achieve its goal. In this article, we examine how one memory drop is enough to break sudo and completely hijack the victim system.