StackWarp: AMD’s Hardware Flaw Exposes Confidential Cloud VMs to Attack
Executive Summary
In January 2026, researchers disclosed a vulnerability called StackWarp, affecting AMD’s Zen 1 through Zen 5 processor lines, including EPYC models widely used in cloud and enterprise environments. The flaw (CVE-2025-29943) enables privileged threat actors on host servers to manipulate the stack pointer of guest memory in confidential virtual machines (CVMs) secured with AMD SEV-SNP. By exploiting a previously undocumented control bit, attackers can redirect program flow inside targeted VMs, leading to remote code execution, privilege escalation, and exposure of sensitive assets such as cryptographic keys or kernel privileges. AMD published mitigations and microcode updates in July and October 2025, with additional firmware patches pending.
This incident is a compelling example of the persistent risks stemming from microarchitectural attacks bypassing virtualization and memory encryption boundaries. As supply chain, multi-tenant cloud, and confidential computing adoption increases, organizations should regularly assess hardware-layer exposures and stay current on firmware updates to limit high-impact cascades.
Why This Matters Now
The StackWarp vulnerability threatens the foundational trust in confidential computing and hardware-based isolation, particularly in multi-tenant cloud deployments. Organizations relying on AMD SEV-SNP for VM isolation must urgently review their exposure, apply available microcode and firmware updates, and reassess threat models in light of evolving hardware-layer exploits.
Attack Path Analysis
The attack begins as a privileged host or administrator abuses the StackWarp hardware flaw (CVE-2025-29943) to compromise a confidential VM protected by AMD SEV-SNP. Exploiting direct CPU control, the attacker corrupts the VM stack pointer to escalate privileges within the VM, achieving kernel-mode code execution. With elevated rights, the adversary can laterally explore internal east-west VM connections for further access. They establish covert command and control by executing remote code or extracting secrets. Sensitive data, such as RSA private keys, is then exfiltrated from the VM environment. Ultimately, this leads to severe impact, including compromise of authentication mechanisms and integrity of the VM workload.
Kill Chain Progression
Initial Compromise
Description
A malicious or compromised host administrator leverages the undocumented StackWarp hardware flaw to gain unauthorized control over a confidential VM's stack pointer via the hypervisor.
Related CVEs
CVE-2025-29943
CVSS 4.6A write-what-where condition in AMD CPUs may allow an admin-privileged attacker to modify the CPU pipeline configuration, potentially resulting in stack pointer corruption inside an SEV-SNP guest.
Affected Products:
AMD EPYC 7003 Series Processors – All
AMD EPYC 8004 Series Processors – All
AMD EPYC 9004 Series Processors – All
AMD EPYC 9005 Series Processors – All
AMD EPYC Embedded 7003 Series Processors – All
AMD EPYC Embedded 8004 Series Processors – All
AMD EPYC Embedded 9004 Series Processors – All
AMD EPYC Embedded 9005 Series Processors – All
Exploit Status:
no public exploit
MITRE ATT&CK® Techniques
Exploitation for Privilege Escalation
Exploitation for Client Execution
Data Manipulation: Stored Data Manipulation
Modify Authentication Process: Credentials in Files
Data Encrypted for Impact
Resource Hijacking
Exploitation for Defense Evasion
Network Sniffing
Potential Compliance Exposure
Mapping incident impact across multiple compliance frameworks.
PCI DSS 4.0 – Protection of Sensitive Data in Virtual Environments
Control ID: 1.4.2
NYDFS 23 NYCRR 500 – Cybersecurity Policy
Control ID: 500.03
DORA (EU Digital Operational Resilience Act) – ICT Risk Management Framework – Secure Configurations
Control ID: Article 9(2)
CISA Zero Trust Maturity Model (ZTMM) 2.0 – Hardening and Microarchitecture Resilience
Control ID: Identity Pillar – Device Security
NIS2 Directive – Technical and Organizational Measures – Security of Systems and Facilities
Control ID: Article 21
Sector Implications
Industry-specific impact of the vulnerabilities, including operational, regulatory, and cloud security risks.
Information Technology/IT
AMD StackWarp hardware vulnerability critically impacts cloud infrastructure providers using SEV-SNP, enabling privilege escalation and confidential VM compromise across data centers.
Banking/Mortgage
Hardware flaw threatens encrypted financial workloads on AMD processors, allowing RSA key extraction and bypassing authentication controls required for regulatory compliance.
Health Care / Life Sciences
SEV-SNP vulnerability undermines HIPAA-compliant confidential computing environments, exposing protected health information through stack pointer manipulation attacks on AMD systems.
Computer Software/Engineering
Software development environments using AMD confidential VMs face code execution hijacking risks, compromising intellectual property and secure development pipeline integrity.
Sources
- New StackWarp Hardware Flaw Breaks AMD SEV-SNP Protections on Zen 1–5 CPUshttps://thehackernews.com/2026/01/new-stackwarp-hardware-flaw-breaks-amd.htmlVerified
- SEV-SNP Guest Stack Pointer Corruption Vulnerabilityhttps://www.amd.com/en/resources/product-security/bulletin/amd-sb-3027.htmlVerified
- CVE-2025-29943 Detailhttps://nvd.nist.gov/vuln/detail/CVE-2025-29943Verified
Frequently Asked Questions
Cloud Native Security Fabric Mitigations and ControlsCNSF
Zero Trust segmentation, east-west traffic controls, and continuous threat detection could have constrained attacker movement and detected unauthorized manipulation—even at the hypervisor layer—limiting privilege escalation, lateral spread, and data exfiltration from compromised VMs.
Control: Cloud Native Security Fabric (CNSF)
Mitigation: Distributed inline controls provide real-time monitoring and policy enforcement, increasing visibility of unauthorized host actions.
Control: Zero Trust Segmentation
Mitigation: Limits scope of compromise by restricting what workloads attackers can access even after privilege escalation.
Control: East-West Traffic Security
Mitigation: Detects and blocks unauthorized lateral movement attempts over internal cloud network paths.
Control: Threat Detection & Anomaly Response
Mitigation: Rapid detection and alerting on abnormal remote access or C2 behaviors within protected networks.
Control: Egress Security & Policy Enforcement
Mitigation: Prevents data loss via enforced outbound traffic filtering and DLP controls.
Enables centralized detection and rapid remedial actions to contain attacker impacts across hybrid/multi-cloud environments.
Impact at a Glance
Affected Business Functions
- Cloud Services
- Virtualization Platforms
Estimated downtime: 3 days
Estimated loss: $500,000
Potential exposure of sensitive data within confidential virtual machines due to stack pointer corruption.
Recommended Actions
Key Takeaways & Next Steps
- • Deploy Zero Trust Segmentation to strictly isolate sensitive VMs and minimize the blast radius if a host-level attack occurs.
- • Enforce granular East-West Traffic Security to block unauthorized lateral movement between workloads, especially across hypervisor domains.
- • Enable inline Threat Detection & Anomaly Response for real-time alerting on anomalous hypervisor or guest VM behaviors.
- • Apply consistent Egress Security & Policy Enforcement to prevent unauthorized exfiltration of secrets or cryptographic material from VMs.
- • Maintain continuous Multicloud Visibility & Control for rapid detection, triage, and containment of incidents spanning hybrid and multi-cloud infrastructure.
