Flipping one bit leaves AMD CPUs open to VM vuln

If you use virtual machines, there's reason to feel less-than-Zen about AMD's CPUs. Computer scientists affiliated with the CISPA Helmholtz Center for Information Security in Germany have found a vulnerability in AMD CPUs that exposes secrets in its secure virtualization environment.

The flaw, dubbed StackWarp, potentially allows a malicious insider who controls a host server to access sensitive data within AMD SEV-SNP guests through attacks designed to recover cryptographic private keys, bypass OpenSSH password authentication, and escalate privileges.

AMD was informed about the vulnerability (CVE-2025-29943), made patches available in July 2025, and has now published a security bulletin designating the issue as low severity.

StackWarp demonstrates yet again that it's difficult to guarantee that virtual computing resources remain isolated from one another on common hardware. It exploits a flaw in the microarchitecture designed to accelerate stack operations.

"The vulnerability can be exploited via a previously undocumented control ...