If You Can Dodge A Rowhammer, You Can Dodge SEV
If you happen to be running an Epyc processor in your servers, you should be scheduling some time to patch it, as a vulnerability in its Secure Encrypted Virtualization (SEV) technology has been revealed. If you are running SEV firmware version 0.17 build 11 or below, you should follow the link over at The Register to get your hands on the patch and instructions. Without the upgrade, it is possible for an attacker with access to your system to feed it doctored code which will allow them to capture and then piece together the private key which AMD’s SEV depends on to keep your data secure.
The description of SEV and how this attack works is more technically interesting than what we usually see in a release, so it is worth reading through to learn how this Epyc feature works, as well as what is required to try to exploit it.
The attacker has to have access to the management interfaces of SEV with sufficient privileges. That may or may not be admin privileges depending on how SEV is being used.