CacheWarp: Software-based Fault Injection using Selective State Reset
Ruiyi Zhang, Youheng Lü, Andreas Kogler, Michael Schwarz
33rd USENIX Security Symposium · Day 1 · USENIX Security '24
In a groundbreaking presentation at USENIX Security '24, Ruiyi Zhang and Youheng Lü unveiled **CacheWarp**, a novel software-based fault injection attack that fundamentally compromises the integrity guarantees of AMD's Secure Encrypted Virtualization-Secure Nested Paging (**SEV-SNP**). This talk, a collaborative effort with Lucas Daniel Lans, Andy, and Michael, introduces the first attack capable of fully breaking the integrity of SEV-SNP, a trusted execution environment (TEE) designed to protect virtual machines (VMs) from malicious hypervisors. CacheWarp achieves its devastating effects through the precise abuse of a single, often overlooked, x86 instruction: `INVD`.
AI review
This is a groundbreaking technical research presentation that definitively breaks AMD SEV-SNP's integrity guarantees. By demonstrating precise, software-controlled fault injection via `INVD` abuse, the researchers unveil a novel attack primitive leading to full-chain RCE and privilege escalation, forcing critical re-evaluation of TEE security models and leading to vendor patches.