AMD INVD Instruction Security Vulnerability
Bulletin ID: AMD-SB-3005
Potential Impact: Memory integrity
Severity: Medium
Summary
External researchers reported a potential vulnerability with the INVD instruction that may lead to a loss of SEV-ES and SEV-SNP guest virtual machine (VM) memory integrity.
CVE Details
Refer to Glossary for explanation of terms
CVE |
Severity |
CVE Description |
CVE-2023-20592 |
Medium |
Improper or unexpected behavior of the INVD instruction in some AMD CPUs may allow an attacker with a malicious hypervisor to affect cache line write-back behavior of the CPU leading to a potential loss of guest virtual machine (VM) memory integrity. |
Affected Products
1st Gen AMD EPYC™ Processors (SEV and SEV-ES)
2nd Gen AMD EPYC™ Processors (SEV and SEV-ES)
3rd Gen AMD EPYC™ Processors (SEV, SEV-ES, SEV-SNP)
Mitigation
No mitigation is available for the first or second generations of EPYC™ processors (“Zen 1”, formerly codenamed “Naples”, “Zen 2”, formerly codenamed “Rome”) since the SEV and SEV-ES features are not designed to protect guest VM memory integrity and the SEV-SNP is not available.
As a mitigation for the potential vulnerability, AMD has provided a hot-loadable microcode patch and updated the firmware image for AMD 3rd generation EPYC™ processors (“Zen 3” microarchitecture, formerly codenamed “Milan”) for customers with the AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) feature enabled. No performance impact is expected from the patch.
This issue has not been found to impact AMD 4th generation “Genoa” EPYC™ processors (“Zen 4” microarchitecture).
The Platform Initialization package (PI) versions listed below are planned to be released to the Original Equipment Manufacturers (OEMs), Original Design Manufacturers (ODMs) and motherboard manufacturers on the target dates listed below. Please refer to your OEM for the BIOS update specific to your product.
Please note AMD is deploying the µcode patch in two ways, as a standalone patch with an updated SEV firmware image and/or as part of a platform initialization (PI) package update. For mitigation prior to Platform Initialization (PI) package release, the µcode patch and SEV firmware image should be installed. The µcode patch should be applied before initializing the SEV-SNP feature via the SNP_INIT_EX command, and if the RMP was previously initialized, the RMP should be re-initialized by setting INIT_RMP to 1. The µcode patch and SEV firmware image will be included in the PI package update when it becomes available.
| CPUIDs | Mitigation Option 1 | Mitigation Option 2 | TCB Values for SNP Attestation |
||
0x00A00F11 0x00A00F12 |
Platform Initialization (PI) (Requires FW flash) |
μcode (Hot loadable) |
SEV FW (Hot loadable-refer to above for instructions) |
TCB[SNP]>=0x14 B2 –TCB[MICROCODE]>=0x34 |
|
| Minimum firmware versions to mitigate all applicable CVEs below | MilanPI 1.0.0.C (Target Dec 2023) |
||||
| CVE-2023-20592 | 5.3 (Medium) | MilanPI 1.0.0.C (Target Dec 2023) |
Milan B1 – 0x0A0011D1 Milan-X B2 – 0x0A001234 |
1.37.10 | TCB[SNP]>=0x14 B2 –TCB[MICROCODE]>=0x34 |
Acknowledgement
AMD thanks the following for reporting this issue and engaging in coordinated vulnerability disclosure:
Ruiyi Zhang (CISPA Helmholtz Center for Information Security)
Lukas Gerlach (CISPA Helmholtz Center for Information Security)
Daniel Weber (CISPA Helmholtz Center for Information Security)
Lorenz Hetterich (CISPA Helmholtz Center for Information Security)
Youheng Lue (Independent)
Leon Trampert (CISPA Helmholtz Center for Information Security)
Andreas Kogler (Graz University of Technology)
Michael Schwarz (CISPA Helmholtz Center for Information Security)
Revisions
Revision Date |
Description |
11-14-2023 |
Initial publication |
DISCLAIMER
The information contained herein is for informational purposes only and is subject to change without notice. While every precaution has been taken in the preparation of this document, it may contain technical inaccuracies, omissions and typographical errors, and AMD is under no obligation to update or otherwise correct this information. Advanced Micro Devices, Inc. makes no representations or warranties with respect to the accuracy or completeness of the contents of this document, and assumes no liability of any kind, including the implied warranties of noninfringement, merchantability or fitness for particular purposes, with respect to the operation or use of AMD hardware, software or other products described herein. Any computer system has risks of security vulnerabilities that cannot be completely prevented or mitigated. No license, including implied or arising by estoppel, to any intellectual property rights is granted by this document. Terms and limitations applicable to the purchase or use of AMD’s products are as set forth in a signed agreement between the parties or in AMD's Standard Terms and Conditions of Sale.
AMD, the AMD Arrow logo, EPYC and combinations thereof are trademarks of Advanced Micro Devices, Inc. CVE and the CVE logo are registered trademarks of The MITRE Corporation. Other product names used in this publication are for identification purposes only and may be trademarks of their respective companies.
Third party content may be licensed to you directly by the third party that owns the content and is not licensed to you by AMD. ALL LINKED THIRD-PARTY CONTENT IS PROVIDED ‘AS IS’ WITHOUT A WARRANTY OF ANY KIND. USE OF SUCH THIRD-PARTY CONTENT IS DONE AT YOUR SOLE DISCRETION AND UNDER NO CIRCUMSTANCES WILL AMD BE LIABLE TO YOU FOR ANY THIRD-PARTY CONTENT. YOU ASSUME ALL RISK AND ARE SOLELY RESPONSIBILITY FOR ANY DAMAGES THAT MAY ARISE FROM YOUR USE OF THIRD-PARTY CONTENT.
© 2023 Advanced Micro Devices, Inc. All rights reserved.