AMD issues update to crush hypervisor bug!

AMD has released new processor microcode to crush an esoteric bug that virtual machine guests could exploit to hijack host servers. Machines using AMD Piledriver CPUs, such as the Opteron 6300 family of server chips, and specifically CPU microcode versions 0x600832 and 0x6000836, are known to be vulnerable to the flaw.

AMD has admitted that the bug can cause a processor core to execute data as software, which crashes the currently running process. A non-root user in a VM may be able to exploit this defect to upset the host system, or trick the host kernel into executing malicious code controlled by the user.

In other words, it is possible on some AMD-powered servers for a normal user in a guest virtual machine to escape to the underlying host and take over the whole shared server.

AMD discovered last year that its AMD driver patch 6000832 and patch 6000836 are affected by the bug. The bug is related to the delivery of non-maskable interrupts and is specific to the aforementioned microcode versions.

AMD has developed a patch to fully resolve the issue and will make the patch available to its partners starting the evening of Monday, 7 March 2016.

For most affected users, a package update and reboot will ensure the fixed microcode is in place. The new microcode is also expected to appear on the AMD operating system team’s website for those who want to install it manually.

The microcode flaw has so far reared its head on systems using QEMU-KVM for virtualization, but it may affect other hypervisors.


  1. The microcode patch (new version: 0x600084f) was made available to the general public on 2016-03-17, through a post to the LKML (Linux kernel mailing list).

    Most Linux distributions will pick that patch up and update their packages during the weekend and next week.
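
To confirm after the package update and reboot that every core is actually running the fixed microcode, the following added example (not code from AMD or from the original article) classifies each logical CPU from `/proc/cpuinfo`-style text. It assumes a Linux host whose `/proc/cpuinfo` exposes a `microcode` field; the revisions are the ones the article names (6000832 and 6000836 affected, 0x600084f fixed), read as hexadecimal, and the sample text is constructed.

```python
import re

# Revisions as given in the article, read as hexadecimal.
AFFECTED = {0x6000832, 0x6000836}
FIXED = 0x600084F

# Constructed sample in Linux /proc/cpuinfo layout (not from a real host):
# one core already on the fixed revision, one still on an affected one.
SAMPLE = """\
processor   : 0
vendor_id   : AuthenticAMD
cpu family  : 21
model name  : AMD Opteron(tm) Processor 6344
microcode   : 0x600084f

processor   : 1
vendor_id   : AuthenticAMD
cpu family  : 21
model name  : AMD Opteron(tm) Processor 6344
microcode   : 0x6000836
"""

def parse_cpuinfo(text):
    """Return one dict of fields per logical CPU block."""
    cpus = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep:
                fields[key.strip()] = value.strip()
        if "processor" in fields:
            cpus.append(fields)
    return cpus

def classify(cpu):
    """Map one CPU's fields to affected / fixed / unlisted / unknown / not-amd."""
    if cpu.get("vendor_id") != "AuthenticAMD":
        return "not-amd"
    try:
        rev = int(cpu["microcode"], 16)
    except (KeyError, ValueError):
        return "unknown"  # field missing or unparsable: check by hand
    if rev in AFFECTED:
        return "affected"
    # Revisions the article does not name are reported as "unlisted".
    return "fixed" if rev == FIXED else "unlisted"

def audit(text):
    """Per-CPU verdicts, so a host with mixed revisions is not reported clean."""
    return {int(c["processor"]): classify(c) for c in parse_cpuinfo(text)}

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a real host, pass the contents of `/proc/cpuinfo` to `audit()`; any core reported as `affected` means the updated microcode has not been loaded on that core.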

