AMD issues update to crush hypervisor bug!

AMD has released a new processor Microcode to crush an esoteric bug having the potential to get exploited by virtual machine guests to hijack host servers. Machines using AMD Piledriver CPUs such as Opteron 6300 family of server chips, and specifically CPU microcode versions 0x600832 and 0x6000836 are known to be vulnerable to the flaw.

AMD has admitted that the bug has the ability to create a glitch in a processor core to execute data as software, which crashes the currently running process. The flaw may make a non-root user in a VM to exploit this defect to upset the host system, or trick the host kernel into executing malicious code controlled by the user.

In other words, it is possible on some AMD-powered servers for a normal user in a guest virtual machine to escape to the underlying host and take over the whole shared server.

AMD discovered that its AMD driver patch 6000832 and patch 6000836 are affected by the bug last year. The bug is related to the delivery of non-maskable interrupts and is specific to the aforementioned microcode versions.

AMD has developed a patch to fully resolve the issue and will make the patch available to its partners from the evening hours of Monday, 7 March, 2016

For most affected people, a package update and reboot will ensure the fixed microcode is in place. The new microcode is also expected to appear on the AMD operating system team’s website if they want to install it on a manual note.

The microcode flaw has so far reared its head on systems using QEMU-KVM for virtualization, but it may affect other hypervisors.


One thought on “AMD issues update to crush hypervisor bug!

  1. The microcode patch (new version: 0x600084f) was made available to the general public on 2016-03-17, through a post to the LKML (linux kernel mailing-list).

    Most Linux distributions will pick that patch up and update their packages during the weekend and next week.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s