TL;DR

Researchers at CISPA disclosed a microarchitectural flaw called StackWarp that can let a host-controlled thread subvert AMD SEV‑SNP virtual machines by manipulating the stack engine. AMD issued patches in July 2025 and labeled the issue low severity, but OEM firmware updates and wider rollouts are still required.

What happened

A team from the CISPA Helmholtz Center for Information Security reported a microarchitectural vulnerability affecting AMD Zen processors that undermines protections offered by SEV‑SNP confidential VMs. The flaw, named StackWarp and tracked as CVE‑2025‑29943, exploits an undocumented control bit in a core-scoped model-specific register (MSR 0xC0011029). By flipping bit 19 while running a sibling hyperthread, an attacker can desynchronize the CPU frontend's stack engine and force incorrect stack‑pointer behavior inside a protected guest. The researchers demonstrated recoveries of RSA‑2048 private keys, bypasses of OpenSSH and sudo password checks, and kernel‑level code execution by corrupting the guest stack. The team published a paper scheduled for USENIX Security 2026 and released proof‑of‑concept code on GitHub. AMD was notified and provided patches in July 2025; the vendor characterized the vulnerability as low severity, and the article notes that OEM firmware updates are needed to complete remediation.

Why it matters

  • Breaks integrity guarantees of SEV‑SNP confidential VMs when simultaneous multithreading (SMT) is enabled.
  • Enables high-impact outcomes—private key recovery and privilege escalation—despite VM isolation features.
  • Requires both vendor patches and OEM firmware rollouts, so some systems may remain exposed after vendor fixes.
  • Highlights the difficulty of securing multi‑tenant cloud environments at the microarchitectural level.

Key facts

  • The vulnerability is named StackWarp and assigned CVE‑2025‑29943.
  • Discovered and reported by CISPA researchers Ruiyi Zhang, Tristan Hornetz, Daniel Weber, Fabian Thomas, and Michael Schwarz.
  • Affects AMD Zen CPUs when SEV‑SNP is used and SMT (hyperthreading) is enabled.
  • Attack abuses an undocumented control bit (bit 19) in MSR 0xC0011029 to manipulate the CPU's stack engine.
  • Researchers demonstrated attacks that recovered RSA‑2048 keys, bypassed OpenSSH and sudo passwords, and achieved ring‑0 code execution.
  • AMD released patches in July 2025 and issued a security bulletin classifying the issue as low severity.
  • Proof‑of‑concept exploit code has been published to GitHub.
  • The stack engine is a CPU frontend optimization that tracks stack‑pointer deltas so that fewer stack‑pointer updates have to be synchronized with the backend; StackWarp works by desynchronizing it.

What to watch next

  • OEM firmware update rollouts and their timelines to complete the remediation already provided by AMD.
  • Cloud providers' advisories and configuration guidance for SEV‑SNP and SMT settings (not confirmed in the source).
  • Reports of in‑the‑wild exploitation or abuse of the published proof‑of‑concept (not confirmed in the source).
  • Follow‑ups from AMD or other researchers about additional mitigations or detection methods.

Quick glossary

  • SEV‑SNP: AMD Secure Encrypted Virtualization – Secure Nested Paging, a technology intended to isolate virtual machines from the hypervisor and host.
  • SMT (Simultaneous Multithreading): A CPU feature that allows a single core to execute multiple threads concurrently by sharing core resources.
  • Model‑Specific Register (MSR): A CPU register used for controlling processor features and behaviour; many MSRs are architected and some are implementation‑specific or undocumented.
  • Stack pointer: A CPU register that tracks the top of the call stack, used to manage function calls, local variables, and return addresses.

Reader FAQ

Has a patch been released?
AMD provided patches in July 2025; OEM firmware updates are required to fully remediate.

How severe is the bug?
AMD designated the vulnerability as low severity in its security bulletin.

Who discovered StackWarp?
Researchers at the CISPA Helmholtz Center for Information Security identified and reported the issue.

Is there public exploit code?
Proof‑of‑concept code has been published to GitHub.

Does this affect Intel processors?
Not confirmed in the source.

Sources

  • Security: "Flipping one bit leaves AMD CPUs open to VM vuln. Fix landed in July, but OEM firmware updates are required", by Thomas Claburn, Thu 15 Jan 2026, 21:11 UTC. Opening line: "If you use virtual…"
