New ‘StackWarp’ Attack Threatens Confidential VMs on AMD Processors

  • January 15, 2026

Jasper_The_Rasper
Moderator

Researchers have disclosed technical details on a new AMD processor attack that allows remote code execution inside confidential VMs.

January 15, 2026 By Eduard Kovacs

A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed the details of a new hardware vulnerability affecting AMD processors. 

Dubbed StackWarp, the issue has been found to impact AMD Zen 1 through Zen 5 processors, enabling an attacker to hack confidential virtual machines (CVMs).  

The researchers described StackWarp as a software-based architectural attack that “exploits a synchronization failure in the stack engine that manages stack pointer updates in the CPU frontend”.

Exploitation of the vulnerability enables a malicious VM host to manipulate the guest VM’s stack pointer to hijack control and data flows, enabling remote code execution and privilege escalation inside CVMs.

The CISPA researchers have demonstrated the impact of the attack in several attack scenarios, including reconstructing an RSA-2048 private key, circumventing OpenSSH password authentication, bypassing Sudo’s password prompt, and achieving kernel-mode code execution in a VM.

Conducting these types of attacks typically requires privileged control over the host server running the CVMs. Attacks could be launched by rogue employees of a cloud provider or a sophisticated threat actor that has gained access to the provider’s systems. 

While the chances of such an attack being conducted in the wild are small, the StackWarp attack shows that AMD’s SEV-SNP, which is designed to encrypt VM memory to protect it even against the cloud provider, can be undermined without the attacker ever seeing decrypted memory. 

“These findings demonstrate that CVM execution integrity—the very defense SEV-SNP aims to offer—can be effectively broken: Confidential keys and passwords can be stolen, attackers can impersonate legitimate users or gain persistent control of the system, and isolation between guest VMs and the host or other VMs can no longer be relied upon,” the researchers said.

AMD has been informed about the vulnerability and published an advisory on Thursday. The chip giant has assigned the flaw a low severity rating and told SecurityWeek that patches have been available for the impacted server (EPYC) products since July 2025. 

The CVE identifier CVE-2025-29943 has been assigned to the StackWarp vulnerability. 

The researchers have set up a dedicated website for StackWarp, and a paper with the full technical details has also been published. Videos showing the attack in action are also available.
