AMD Epyc and Ryzen Pro have SEV vulnerability

[James 6]

The AMD Epyc server chips, and processors from the Ryzen Pro line have an encryption feature called Secure Encrypted Virtualization (SEV).

In theory the SEV is protected by encryption on the fly. However the page-wise encryption lacks integrity protection. An adjacent host-level administrator can craft a web environment that returns plaintext of memory locations. By observing encrypted usage of the memory locations by the target user it is possible to identify and then re-map the memory to a new user.

Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel have published their findings at https://arxiv.org/pdf/1805.09604.pdf