The paper "WeSee: Using Malicious #VC Interrupts to Break AMD SEV-SNP" by Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde from ETH Zurich presents a novel attack called WeSee, which exploits the #VC exception to compromise the security guarantees of AMD Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). SEV-SNP is a hardware-based trusted execution environment that protects VMs from untrusted hypervisors. The attack injects malicious #VC interrupts into a victim VM's CPU, allowing the hypervisor to execute arbitrary code and to trigger sensitive operations between the VM and the hypervisor.
Key points of the attack include:
1. **Malicious #VC Injection**: The hypervisor can inject a malicious #VC interrupt at any time, causing the VM to execute a handler that performs data and register copies.
2. **Handler Execution**: The #VC handler does not verify the authenticity of the root cause, so it also runs for exceptions that the hypervisor injected.
3. **Data Exposure**: The handler can be tricked into emulating instructions that write attacker-controlled data to the VM or leak sensitive VM data to the hypervisor.
The authors demonstrate four main primitives:
- **Skipping Instruction Execution**: Using #VC to skip instructions.
- **Leaking Registers**: Reading and writing to registers like rax.
- **Corrupting Registers**: Modifying register values.
- **Arbitrary Read/Write to VM Memory**: Accessing and modifying memory locations.
The attack is demonstrated through three case studies:
- **Leaking kTLS keys for NGINX**: The attacker can leak sensitive keys used for TLS encryption.
- **Bypassing the Firewall**: The attacker can disable firewall rules.
- **Obtaining a Root Shell**: The attacker can inject arbitrary code to gain root access.
The paper also discusses potential defenses and highlights the need for robust hardware mechanisms to limit the hypervisor's capabilities. The findings were responsibly disclosed to AMD and cloud providers, and the attack was assigned CVE-2024-25742. The WeSee tooling and PoC exploits are open-source.
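One way a guest can address the missing root-cause verification noted in key point 2 is to emulate only when the instruction at the interrupted address can actually cause the exit code the hypervisor claims. The sketch below is an added example, not code from the paper or from any kernel; `vc_check`, the rule table and the sample bytes are hypothetical names and constructed inputs, and the model ignores instruction prefixes.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* SVM exit codes from the AMD architecture manual (subset). */
enum { EXIT_RDTSC = 0x6e, EXIT_CPUID = 0x72, EXIT_MSR = 0x7c, EXIT_VMMCALL = 0x81 };

enum vc_result { VC_EMULATE, VC_REJECT };

/* Opcode bytes that can legitimately raise each exit code. */
struct vc_rule { uint64_t exit_code; uint8_t bytes[3]; size_t len; };

static const struct vc_rule vc_rules[] = {
    { EXIT_RDTSC,   { 0x0f, 0x31 },       2 },  /* rdtsc   */
    { EXIT_CPUID,   { 0x0f, 0xa2 },       2 },  /* cpuid   */
    { EXIT_MSR,     { 0x0f, 0x30 },       2 },  /* wrmsr   */
    { EXIT_MSR,     { 0x0f, 0x32 },       2 },  /* rdmsr   */
    { EXIT_VMMCALL, { 0x0f, 0x01, 0xd9 }, 3 },  /* vmmcall */
};

/*
 * Hypothetical hardened dispatch: emulate only when the bytes at the
 * interrupted RIP are an instruction that can cause the claimed exit code.
 */
enum vc_result vc_check(uint64_t exit_code, const uint8_t *insn, size_t insn_len)
{
    for (size_t i = 0; i < sizeof(vc_rules) / sizeof(vc_rules[0]); i++) {
        const struct vc_rule *r = &vc_rules[i];
        if (r->exit_code == exit_code && insn_len >= r->len &&
            memcmp(insn, r->bytes, r->len) == 0)
            return VC_EMULATE;
    }
    return VC_REJECT;  /* unknown code or mismatch: treat as injected */
}

/* Constructed sample instruction bytes. */
static const uint8_t insn_cpuid[] = { 0x0f, 0xa2 };
static const uint8_t insn_mov[]   = { 0x48, 0x89, 0xc3 };  /* mov rbx, rax */

int main(void)
{
    /* Genuine cpuid intercept passes; same exit code on a mov is rejected. */
    int ok  = vc_check(EXIT_CPUID, insn_cpuid, sizeof(insn_cpuid)) == VC_EMULATE;
    int bad = vc_check(EXIT_CPUID, insn_mov, sizeof(insn_mov)) == VC_REJECT;
    return (ok && bad) ? 0 : 1;
}
```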