Zen Chips, Broken Promises: StackWarp Flaw Undermines AMD’s Most Trusted Security

In the high-stakes world of cloud computing, trust is currency. For years, AMD’s Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) has been sold as a digital fortress - keeping cloud tenants’ secrets safe from prying eyes, even those of the host. But a team of German researchers just cracked open the vault. Their discovery, codenamed StackWarp, exposes a back door in AMD’s Zen 1 through Zen 5 processors, leaving supposedly confidential virtual machines startlingly vulnerable to privileged attackers.

StackWarp isn’t your average software bug. Instead, it’s a hardware-level flaw, lurking deep within the “stack engine” that speeds up stack operations on AMD’s modern chips. The culprit: a subtle, undocumented control bit accessible to hypervisor admins. By leveraging this hidden switch, an attacker running a parallel hyperthread can nudge the stack pointer inside a supposedly isolated VM, steering its execution or leaking sensitive data - all without ever decrypting its memory directly.

The impact is severe. Researchers demonstrated attacks that extract private RSA keys from cloud VMs and bypass authentication prompts, opening the door to full system compromise. The flaw affects a wide swath of AMD’s server lineup, including EPYC 7003, 8004, 9004, and 9005 series - chips powering countless enterprise and cloud environments worldwide. Even embedded variants are in the crosshairs.

StackWarp is tracked as CVE-2025-29943 and rated “medium” by AMD. But security experts warn the real risk depends on the threat model. In multi-tenant clouds where admins or malicious insiders might gain hypervisor access, the stakes skyrocket. The vulnerability builds on prior attacks like CacheWarp, further eroding confidence in hardware-enforced VM isolation.

AMD has scrambled to issue microcode updates for most affected chips, though some fixes for embedded models won’t arrive until April 2026. In the meantime, operators are urged to disable hyperthreading on critical systems and apply all available firmware patches. “StackWarp is another example of how subtle microarchitectural effects can undermine system-level security guarantees,” says lead researcher Ruiyi Zhang.

As the arms race between chip designers and security researchers intensifies, StackWarp is a stark reminder: even the strongest hardware shields can harbor invisible cracks. For cloud providers and customers alike, eternal vigilance - and prompt patching - remain the only defenses against tomorrow’s breaches.

WIKICROOK

• SEV: SEV (Secure Encrypted Virtualization) encrypts each virtual machine’s memory, protecting data from unauthorized access in cloud and virtualized environments.
• Stack Pointer: A stack pointer is a CPU register that tracks the top of the stack, managing memory for function calls, local variables, and return addresses.
• Microcode: Microcode is a set of low-level processor instructions that can be updated to fix bugs or add features without replacing the hardware.
• Hypervisor: A hypervisor is software that lets one server run multiple isolated virtual machines, each acting as an independent computer.
• Privilege Escalation: Privilege escalation occurs when an attacker gains higher-level access, moving from a regular user account to administrator privileges on a system or network.