Send email Copy Email Address

2026-01-15
Annabelle Theobald

StackWarp: New attack technique reveals a vulnerability in cloud security features of AMD processors

After last year’s disclosure of a vulnerability known as CacheWarp, CISPA researcher Ruiyi Zhang has once again discovered a security flaw in AMD processors’ cloud technologies. The newly identified attack method called StackWarp demonstrates how key security features in AMD’s Zen 1 through Zen 5 processor families can be bypassed. Under certain conditions, attackers can manipulate data and gain control over virtual machines—posing a serious risk to cloud services. AMD has been informed and, according to its own statements, has released security updates.

Cloud providers use a technology known as virtualization to run multiple virtual machines (VMs) on a single physical server. These VMs share the available resources—similar to several tenants living in one house, with each having their own separate apartment. In the context of cloud customers, this means they want to share computing power while keeping their data private and protected. To uphold this security promise, AMD developed a technology called SEV (Secure Encrypted Virtualization) for its processors. It encrypts the memory of each individual virtual machine. Even if another VM or the cloud provider tries to access someone else’s data, these protection mechanisms are designed to prevent it. However, Zhang’s research shows that this security guarantee can be circumvented.

 

Key Facts

  • What? New vulnerability “StackWarp” in AMD CPUs (Zen 1–5)

    Who? Discovered by CISPA-Faculty Ruiyi Zhang and colleagues

    Affected? Confidential Virtual Machines (CVMs) using AMD SEV-SNP

    Problem? Bypass of core security mechanisms without accessing plaintext data

    Risks? Program manipulation, authentication bypass

    Practical impact? Attacks demonstrated against OpenSSH, sudo, and RSA keys

    Status? AMD informed, hot-loadable microcode patches have already been released

Where Is the Vulnerability?

The vulnerability affects a very specific but central component of AMD processors: the Stack Engine. “It helps the CPU manage internal intermediate results so programs can run faster. For that it uses an area of memory called the stack. For example, the computer uses it to remember where in a program to resume after a function call,” Zhang explains.

This is where the attack begins: Zhang and his colleagues were able to show that the Stack Engine can be temporarily driven into an erroneous state—specifically when two execution units (hardware threads) simultaneously use the same CPU core, a technique known as simultaneous multithreading or hyperthreading. “By rapidly switching the Stack Engine on and off we were able to create chaos for a brief moment,” the researcher explains. “The CPU continues to write data to the stack, but the so-called stack pointer, i.e., the pointer that tracks the top adress, falls out of step. That can be exploited for various attacks.”

What Can It Accomplish?

By deliberately manipulating the stack pointer, attackers can control a program’s execution flow and bypass important security checks. Thus, they can alter function return values, redirect program execution, skip password checks, or inject and execute their own code. Ultimately, StackWarp enables the complete takeover of a virtual machine—even with memory encryption enabled by SEV-SNP. That directly undermines the protection mechanism intended to ensure isolation and integrity in the cloud. “StackWarp shows that even very small details in the microarchitecture can have a large impact on security,” Zhang says. “Our research is important so that future processors become not only more powerful, but also more secure.”

Who Is Affected?

AMD processors from the Zen 1 to Zen 5 generations are affected when hyperthreading is enabled. In this mode, two execution units share the same processor core to improve performance. The vulnerability therefore does not necessarily occur on every system but depends on the configuration. It is particularly relevant for cloud providers and companies that process sensitive data in virtual machines.

Responsible Disclosure and AMD’s Update

The research team informed AMD at an early stage (Responsible Disclosure), giving the company time to develop countermeasures. According to AMD, hot-loadable microcode patches have already been released to their customers. Affected systems should be updated as soon as possible.

Outlook

With StackWarp, Zhang provides another important contribution to security research in the field of cloud infrastructure. The work highlights that hardware-level security mechanisms must be continuously reviewed. “Our findings are not an attack on cloud technologies, but a contribution to their improvement,” the researcher emphasizes. Only by openly investigating vulnerabilities can systems remain secure in the long term.

Read the Full Paper
Click here to visit the Stackwarp Website