
Researchers have found an error in the microcode of AMD processors whose exploitation may allow attackers to break out of a virtual machine into the host system of the hypervisor it runs on. Computers using AMD Piledriver CPUs (for example, the Opteron 6300 line of chips) with microcode versions 0x6000832 and 0x6000836 are affected by this vulnerability.
What is the problem
An error in the microcode leads to modification of the contents of the register that points to the top of the stack during interrupt processing: the RSP pointer is shifted by one field. As a result, when returning from the handler, the `IRETQ` instruction “snatches” the value following the return address from the stack.
Attackers can try to control this process by substituting values that point into an address space they use; as a result, it is possible to execute code with the privileges of the monitor.
This means that the processor will execute code located in an untrusted address space. Thus, an attack on the hypervisor's host system can be carried out even with access to the virtual machine as a regular user rather than an administrator.
Exploiting this vulnerability is quite difficult because it requires a specific, hard-to-reproduce state of the system software. During the discussion on the Linux kernel mailing list (LKML), security researcher Robert Święcki said that during the tests he managed to create the conditions for its use “a couple of times out of 30 ‘oops’”.
Details of the exploitation of the vulnerability have not yet been published, and there is also no information on the full set of conditions required for this.
How to protect
AMD representatives told The Register that they are aware of the problem. The company has developed a patch that fixes the bug in the firmware of vulnerable versions; AMD partners have had access to the fix since March 7. Users need to install the patch, which can be downloaded in special firmware packages for various operating systems or from the manufacturer's website, and restart the system.
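To check whether a Linux host is still running one of the two microcode revisions named above, the `microcode` field of `/proc/cpuinfo` can be compared against them. The script below is an added example, not code from the article or from AMD; the sample text is constructed, and the revision `0x6000999` in it is an arbitrary placeholder, not the revision of AMD's fix.

```python
import re
from pathlib import Path

# Microcode revisions the article names as affected (AMD Piledriver).
AFFECTED_REVISIONS = {0x6000832, 0x6000836}

# Constructed sample in /proc/cpuinfo layout; 0x6000999 is an arbitrary
# placeholder revision, not the revision number of AMD's fix.
SAMPLE_CPUINFO = """\
processor\t: 0
vendor_id\t: AuthenticAMD
microcode\t: 0x6000832

processor\t: 1
vendor_id\t: AuthenticAMD
microcode\t: 0x6000999

processor\t: 2
vendor_id\t: AuthenticAMD
"""

def parse_cpuinfo(text):
    """Return one dict of 'key: value' fields per logical CPU block."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = (line.partition(":") for line in block.splitlines())
        fields = {k.strip(): v.strip() for k, sep, v in pairs if sep}
        if "processor" in fields:
            cpus.append(fields)
    return cpus

def classify(fields):
    """Return 'affected', 'not-listed', 'unknown' or 'not-amd'."""
    if fields.get("vendor_id") != "AuthenticAMD":
        return "not-amd"
    try:
        revision = int(fields["microcode"], 16)
    except (KeyError, ValueError):
        return "unknown"  # microcode field missing or unparsable
    return "affected" if revision in AFFECTED_REVISIONS else "not-listed"

def audit(text):
    """Map logical CPU number -> classification."""
    return {int(f["processor"]): classify(f) for f in parse_cpuinfo(text)}

if __name__ == "__main__":
    path = Path("/proc/cpuinfo")
    text = path.read_text() if path.exists() else SAMPLE_CPUINFO
    for cpu, verdict in sorted(audit(text).items()):
        print(f"cpu{cpu}: {verdict}")
```

A `not-listed` result only means the loaded revision is not one of the two named in the article; rerun the check after installing the update and restarting to confirm the revision has changed.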
In addition, the website of VMware, a maker of virtualization products, has links to bug fixes for VMware ESXi on machines using AMD Opteron 6300 processors. Whether the errors corrected there and the vulnerability found in AMD processors are related is currently unknown.
This is not the first error found in the firmware of popular processors over the past few months. In January 2015, researchers discovered a bug in the Intel Skylake processor that caused the computer to freeze during complex calculations.