A newly disclosed hardware vulnerability in AMD processors threatens the foundation of confidential computing, allowing attackers to hijack secure virtual machines through a novel "freeze-release" mechanism that manipulates how CPUs track memory.
StackWarp, revealed by researchers at the CISPA Helmholtz Center, exploits a synchronization failure in the stack engine—a performance optimization feature present in all AMD Zen processors from 2017's Zen 1 through 2024's Zen 5 architecture.
The flaw centers on an undocumented control bit in model-specific register (MSR) 0xC0011029 that enables or disables stack pointer tracking.
Here's the critical issue: when a malicious cloud provider toggles this bit from one CPU thread, it triggers a cascade effect on the sibling thread running a customer's encrypted virtual machine. Stack operations like function calls complete their memory writes, but the CPU "freezes" the architectural update to the stack pointer—the register tracking where in memory the program is working. Later, re-enabling the engine "releases" this accumulated offset in one burst, deterministically shifting the stack pointer by up to 640 bytes.
"The primitive requires no access to guest plaintext, gadget placement, or injected interrupts visible inside the guest," the research team noted, emphasizing how StackWarp operates beneath traditional security monitoring.
Researchers demonstrated devastating real-world attacks: extracting RSA-2048 private keys with a single corrupted signature via precise stack manipulation during cryptographic operations, completely bypassing OpenSSH authentication by shifting the stack 32 bytes to skip password verification, and escalating unprivileged users to root by corrupting the return value of system calls.
The vulnerability specifically targets AMD's SEV-SNP technology, marketed to enterprises as protection for sensitive cloud workloads against compromised infrastructure. Every major cloud provider offering AMD-powered confidential computing faces exposure.
AMD responded by assigning CVE-2025-29943 and distributing microcode patches to enterprise customers. The immediate workaround—disabling simultaneous multithreading (SMT/hyperthreading)—effectively halves the number of available CPU cores, creating painful trade-offs between security and performance.
Organizations running confidential workloads should verify patch deployment and evaluate whether SMT can be safely disabled until comprehensive hardware-level fixes arrive in future processor generations.