WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNP

arXiv:2404.03526v1 Announce Type: new
Abstract: AMD SEV-SNP offers VM-level trusted execution environments (TEEs) to protect the confidentiality and integrity for sensitive cloud workloads from untrusted hypervisor controlled by the cloud provider. AMD introduced a new exception, #VC, to facilitate the communication between the VM and the untrusted hypervisor. We present WeSee attack, where the hypervisor injects malicious #VC into a victim VM's CPU to compromise the security guarantees of AMD SEV-SNP. Specifically, WeSee injects interrupt number 29, which delivers a …

amd amd sev arxiv cloud cloud provider cloud workloads communication confidentiality cs.cr environments hypervisor integrity malicious protect sensitive untrusted workloads