StackWarp Hardware Flaw Bypasses AMD SEV-SNP Protections on Zen 1–5 CPUs
Summary
Hide ▲
Show ▼
A new hardware vulnerability, codenamed StackWarp, affects AMD Zen 1 through Zen 5 processors, allowing attackers with privileged control over a host server to manipulate the stack pointer of confidential virtual machines (CVMs). This flaw undermines the integrity guarantees provided by AMD Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP), enabling remote code execution and privilege escalation within CVMs. The vulnerability impacts various AMD EPYC and EPYC Embedded processor series. AMD has characterized the flaw as a medium-severity improper access control bug (CVE-2025-29943, CVSS v4 score: 4.6). The issue can be exploited to expose secrets from SEV-secured environments and compromise VMs in AMD-powered cloud environments. AMD has released microcode updates and plans further patches.
Timeline
-
19.01.2026 13:31 1 articles · 23h ago
StackWarp Hardware Flaw Disclosed Affecting AMD SEV-SNP Protections
A team of academics from the CISPA Helmholtz Center for Information Security disclosed the StackWarp vulnerability, which affects AMD Zen 1 through Zen 5 processors. The flaw allows attackers to manipulate the stack pointer of CVMs, undermining SEV-SNP protections. AMD has released microcode updates and plans further patches.
Show sources
- New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs — thehackernews.com — 19.01.2026 13:31
Information Snippets
-
StackWarp allows attackers to manipulate the stack pointer of CVMs, enabling remote code execution and privilege escalation.
First reported: 19.01.2026 13:311 source, 1 articleShow sources
- New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs — thehackernews.com — 19.01.2026 13:31
-
The vulnerability affects AMD Zen 1 through Zen 5 processors, including various EPYC and EPYC Embedded series.
First reported: 19.01.2026 13:311 source, 1 articleShow sources
- New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs — thehackernews.com — 19.01.2026 13:31
-
AMD has tracked the flaw as CVE-2025-29943 with a CVSS v4 score of 4.6.
First reported: 19.01.2026 13:311 source, 1 articleShow sources
- New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs — thehackernews.com — 19.01.2026 13:31
-
The flaw can be exploited to recover an RSA-2048 private key from a single faulty signature, bypassing OpenSSH password authentication and sudo's password prompt.
First reported: 19.01.2026 13:311 source, 1 articleShow sources
- New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs — thehackernews.com — 19.01.2026 13:31
-
AMD has released microcode updates in July and October 2025, with further patches scheduled for April 2026.
First reported: 19.01.2026 13:311 source, 1 articleShow sources
- New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUs — thehackernews.com — 19.01.2026 13:31