1. Forum
  2. tqwNet
  3. TQW GENTECH

  • AMD CPU users beware - this security flaw could spill all your se

    From TechnologyDaily@1337:1/100 to All on Friday, January 16, 2026 18:45:09
    AMD CPU users beware - this security flaw could spill all your secrets

    Date:
    Fri, 16 Jan 2026 18:25:00 +0000

    Description:
    AMD gave the bug a low severity score and released a fix, so update now.

    FULL STORY ======================================================================CISPA researchers uncover AMD CPU flaw StackWarp breaking confidential VM protections Vulnerability enables RCE, privilege escalation, and theft of private keys in Zen processors AMD released patch (CVE-2025-29943), rated low severity, requiring host-level access to exploit

    A newly discovered vulnerability in AMD chips allows malicious actors to perform remote code execution (RCE) and privilege escalation in virtual machines.

    Cybersecurity researchers from the CISPA Helmholtz Center for Information Security in Germany detailed a vulnerability they named StackWarp, a hardware vulnerability in AMD CPUs that breaks the protections of confidential virtual machines, by manipulating how the processor tracks the stack, and letting a malicious insider or hypervisor change program flow or read sensitive data inside a protected VM.

    As a result, malicious actors can recover private keys, and run code with
    high privileges, even though the VMs memory was supposed to be secure. Silver lining

    StackWarp was said to impact AMD Zen processors, 1 through 5, with the researchers demonstrating the impact in multiple scenarios. In one instance, they were able to reconstruct an RSE-2048 private key, while in another - bypassed OpenSSH password authentication.

    The silver lining in the report is the fact that the malicious actor first needs privileged control over the host server running the virtual machines. That means the vulnerability can be exploited by either malicious insiders, cloud providers, or highly sophisticated threat actors with prior access.

    This significantly shrinks the number of potential attackers, but it still highlights how AMDs SEV-SNP, designed to encrypt VM memory, can be weakened and compromised.

    These findings demonstrate that CVM execution integritythe very defense SEV-SNP aims to offercan be effectively broken: Confidential keys and passwords can be stolen, attackers can impersonate legitimate users or gain persistent control of the system, and isolation between guest VMs and the
    host or other VMs can no longer be relied upon, it was said in the report.

    AMD acknowledged the findings and has released a patch, which the bug now tracked as CVE-2025-29943 and was given a low severity score (3.2/10).

    Via The Register

    Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the
    Follow button!

    And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/amd-cpu-users-beware-this-security-flaw -could-spill-all-your-secrets


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)