AMD addresses SEV security vulnerability in Epyc CPUs with firmware update
A month or so ago. Cfir Cohen, a member of the Google Cloud security team, alerted AMD about a problem with the Secure Encrypted Virtualization (SEV) functionality of the Epyc processors. This vulnerability could allow an attacker to intercept a secret key that could give access to isolated virtual machines.
This specific vulnerability has been patched but did require a firmware update. The update is named CVE-2019-9836 and it is of course strongly recommended to install that update as quickly as possible. The news about the leak was announced after the problem could be identified and resolved, and that's the way it should go.
At AMD, security remains a top priority and we continue to work to identify any potential risks for our customers. Through ongoing collaboration with industry researchers AMD became aware that, if using the user-selectable AMD secure encryption feature on a virtual machine running the Linux operating system, an encryption key could be compromised by manipulating the encryption technology’s behavior. AMD released firmware-based cryptography updates to our ecosystem partners and on the AMD website to remediate this risk.
Senior Member
Posts: 13100
Joined: 2014-07-21
Huh...
Senior Member
Posts: 2951
Joined: 2013-03-10
What begins? You need to begin a round of updating Epyc servers' firmwares? I guess nobody would be looking forward to such a task, huh.
Senior Member
Posts: 8878
Joined: 2007-06-17
I can't make out what you're trying to say, but I'm glad you tried.
Better than dead silence.
Senior Member
Posts: 2951
Joined: 2013-03-10
I can't make out what you're trying to say, but I'm glad you tried.
Better than dead silence.
That makes two of us since I also couldn't figure out what it is that you believe will begin.
Senior Member
Posts: 8878
Joined: 2007-06-17