TLB Poisoning Attacks on AMD Secure Encrypted Virtualization (SEV)

Lenovo Security Advisory: LEN-75179

Potential Impact: Loss of Integrity, confidentiality, availability

Severity: Medium

Scope of Impact: Industry-wide

CVE Identifier: CVE-2021-26340


Summary Description:

AMD reported that a malicious hypervisor, in conjunction with an unprivileged attacker process inside an SEV/SEV-ES guest VM, may fail to flush the TLB, resulting in unexpected behavior inside the VM.

This attack is only possible if the hypervisor is maliciously controlled, a victim VM runs an unprivileged process controlled by an attacker, and the malicious hypervisor has knowledge of the virtual address ranges of the victim VM.


Mitigation Strategy for Customers (what you should do to protect yourself):

AMD is not releasing updated firmware to address these vulnerabilities. AMD has provided mitigation in the SEV-SNP feature, which is available for enablement in 3rd Gen AMD EPYC ("Milan") processors. Under SEV-SNP, the CPU hardware enforces TLB flushes where required and does not rely solely on the hypervisor to initiate TLB flushes. VMs that use SEV-SNP are therefore not affected by this issue. Prior generations of AMD EPYC™ do not support SEV-SNP.

For earlier AMD EPYC™ products (1st Gen "Naples" and 2nd Gen "Rome"), AMD recommends following security best practices for helping protect against malicious hypervisor attacks and only running trusted code.

For additional information on SEV-SNP and SEV/SEV-ES, please refer to AMD's white paper listed in the References section of this document.

To determine the AMD EPYC processor generation of affected systems, please refer to the Processor options section of the Product Guides listed in the Product Impact Section below.
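The following triage helper is an added example, not part of the Lenovo advisory or AMD's tooling. It classifies a host from its /proc/cpuinfo text (family 23 model 1 is Naples, family 23 model 49 is Rome, family 25 model 1 is Milan) and reports whether the kernel advertises the sev, sev_es and sev_snp CPU flags, then maps that onto the advisory's status: SEV-SNP available, affected SEV/SEV-ES without SNP, or not in scope. The cpuinfo excerpts are constructed samples; the flags show what the CPU and BIOS expose, not whether a given guest was actually launched with SEV-SNP.

```python
"""Triage helper for LEN-75179 / CVE-2021-26340 (added example, not vendor code)."""

# AMD EPYC generations keyed by (cpu family, model) as /proc/cpuinfo prints them (decimal).
EPYC_GENERATIONS = {
    (23, 1): "1st Gen EPYC (Naples)",   # Family 17h, Model 01h
    (23, 49): "2nd Gen EPYC (Rome)",    # Family 17h, Model 31h
    (25, 1): "3rd Gen EPYC (Milan)",    # Family 19h, Model 01h
}

def parse_cpuinfo(text):
    """Return (family, model, flags) from the first processor block of /proc/cpuinfo text."""
    first_block = text.strip().split("\n\n")[0]
    fields = {}
    for line in first_block.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    family = int(fields.get("cpu family", "0"))
    model = int(fields.get("model", "0"))
    flags = set(fields.get("flags", "").split())
    return family, model, flags

def assess(text):
    """Classify a host against the advisory: generation, SEV flags, and status."""
    family, model, flags = parse_cpuinfo(text)
    generation = EPYC_GENERATIONS.get((family, model), f"unknown (family {family}, model {model})")
    sev = {name: name in flags for name in ("sev", "sev_es", "sev_snp")}
    if sev["sev_snp"]:
        status = "mitigation available: run guests under SEV-SNP (CPU advertises sev_snp)"
    elif sev["sev"] or sev["sev_es"]:
        status = "affected: SEV/SEV-ES without SEV-SNP; no firmware fix, follow AMD best practices"
    else:
        status = "not in scope: SEV not advertised; CVE-2021-26340 concerns SEV/SEV-ES guests"
    return {"generation": generation, "sev_flags": sev, "status": status}

# Constructed /proc/cpuinfo excerpts (not real captures) for a Rome host and a Milan host.
SAMPLE_ROME = """processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 23
model\t\t: 49
model name\t: AMD EPYC (constructed sample)
flags\t\t: fpu vme de pse sev sev_es
"""
SAMPLE_MILAN = """processor\t: 0
vendor_id\t: AuthenticAMD
cpu family\t: 25
model\t\t: 1
model name\t: AMD EPYC (constructed sample)
flags\t\t: fpu vme de pse sev sev_es sev_snp
"""

if __name__ == "__main__":
    for label, sample in (("rome", SAMPLE_ROME), ("milan", SAMPLE_MILAN)):
        print(label, assess(sample))
```

On a real host, pass `open("/proc/cpuinfo").read()` to `assess()`; whether KVM actually launches SNP guests is governed separately by the host kernel and firmware configuration.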


Product Impact:

To download the version specified for your product below, follow these steps:

Navigate to the Drivers & Software support site for your product:

  1. Search for your product by name or machine type.
  2. Click Drivers & Software on the left menu panel.
  3. Click on Manual Update to browse by Component type.
  4. Compare the minimum fix version for your product from the applicable product table below with the latest version posted on the support site.

Lenovo also offers tools to assist with update management as an alternative to the manual steps described above. Refer to the following for additional help:

PC Products and Software: https://support.lenovo.com/us/en/solutions/ht504759

Server and Enterprise Software: https://support.lenovo.com/us/en/solutions/lnvo-lxcaupd and https://datacentersupport.lenovo.com/us/en/documents/lnvo-center


Click the links below to view affected products:

ThinkAgile

ThinkSystem


References:

https://www.amd.com/en/corporate/product-security/bulletin/amd-sb-1023

https://www.amd.com/system/files/TechDocs/SEV-SNP-strengthening-vm-isolation-with-integrity-protection-and-more.pdf

https://lenovopress.com/lp1383-thinkagile-hx3375-appliance-and-thinkagile-hx3376-certified-node

https://lenovopress.com/lp1160-thinksystem-sr635-server

https://lenovopress.com/lp1280-thinksystem-sr645-server


Revision History:

Revision  Date        Description
1         2021-12-14  Initial release

For a complete list of all Lenovo Product Security Advisories, click here.

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on an “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

Product Impact:

AMD is not releasing updated firmware to address these vulnerabilities. AMD has provided mitigation in the SEV-SNP feature which is available for enablement in 3rd Gen AMD EPYC ("Milan") processors. Refer to the Mitigation Strategy above for full mitigation guidance.

ThinkAgile

Product                              Notes
HX3375 Appliance (ThinkAgile)        To determine the AMD EPYC processor generation, refer to the Processor options section of the Product Guide
HX3376 Certified Node (ThinkAgile)   To determine the AMD EPYC processor generation, refer to the Processor options section of the Product Guide

ThinkSystem

Product                              Notes
SR635 (ThinkSystem)                  To determine the AMD EPYC processor generation, refer to the Processor options section of the Product Guide
SR645 (ThinkSystem)                  To determine the AMD EPYC processor generation, refer to the Processor options section of the Product Guide
SR655 (ThinkSystem)                  To determine the AMD EPYC processor generation, refer to the Processor options section of the Product Guide
SR665 (ThinkSystem)                  To determine the AMD EPYC processor generation, refer to the Processor options section of the Product Guide


Alias Id: LEN-75179
Document ID: PS500459
Original Publish Date: 12/14/2021
Last Modified Date: 12/14/2021