Researchers from the Technical University of Berlin and the Fraunhofer Institute have uncovered a severe security flaw in AMD's Epyc chips' virtualization.

The researchers disclosed in a study titled 'One glitch to rule them' all that all Epyc server CPUs (Zen, Zen 2, and Zen 3) are vulnerable. It makes use of AMD's secure encrypted virtualization (sev) technology, which makes advantage of the secure processor built into these processors. According to the experts, AMD's safe processor protects virtual machines from external assaults such as hosting software problems and malevolent administrators.

The vulnerability is referred to as a voltage fault injection attack and is based on the ability to modify the read-only memory (ROM) input voltage in the secure processor's bootloader. This enables complete ownership of the source of trust. AMD disclosed earlier this year that it was aware of two security flaws relating to secure encrypted virtualization. Both of these instances involved code injection attacks.

However, the new vulnerability demonstrates that hardware attacks can circumvent the safe processor's security features, despite the fact that the Milan CPUs (Epyc 7003) have received security patches to address software flaws.

Physical access to hardware is required.

AMD Epyc CPUs have a flaw that exposes the Secure Processor under virtualization