Now on Demand: Threat Detection and Incident Response (TDIR) Summit - All Sessions Available
Connect with us

Hi, what are you looking for?


Cloud Security

Confidential VMs Hacked via New Ahoi Attacks

New Ahoi attacks Heckler and WeSee target AMD SEV-SNP and Intel TDX with malicious interrupts to hack confidential VMs.

Heckler Ahoi attack

A team of researchers from ETH Zurich has disclosed the technical details of a new type of attack that can be used to compromise confidential virtual machines (CVMs).

The researchers presented two variations of what they call Ahoi attacks. One of them, dubbed Heckler, involves a malicious hypervisor injecting interrupts to alter data and control flow, breaking the integrity and confidentiality of CVMs.

The attack targets hardware-based trusted execution environments, specifically ones relying on AMD’s Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) and Intel’s Trust Domain Extensions (TDX) technologies, which can be used in cloud platforms. 

AMD SEV-SNP and Intel TDX enable users to deploy and run VMs in the cloud while ensuring that they remain protected from other cloud tenants and the service provider, including its hardware and hypervisor software.

However, hypervisors are still in control of some resource management and configuration tasks, including interrupts, and the ETH Zurich researchers managed to use some interrupts to conduct potentially malicious activities.   

In the case of both the AMD and Intel technologies, the researchers used malicious hypervisors to bypass authentication and gained root access to the targeted CVM. 

Before publicly disclosing their findings, the researchers notified Intel, AMD, AWS, Microsoft and Google. AMD has published an advisory saying that it believes the vulnerability lies in the Linux kernel implementation of SEV-SNP. Intel does not appear to have published an advisory, but the researchers said the company reached the same conclusion as AMD.

Linux kernel patches and mitigations are available. In addition, AMD said it supports hardware security features that should prevent such attacks, but these features are currently not supported in Linux.  

Advertisement. Scroll to continue reading.

As for cloud vendors, Microsoft’s Azure said it’s not impacted, and AWS said EC2 does not rely on the impacted technologies. AWS has confirmed that Amazon Linux is affected and it plans on addressing the kernel issues in a future release. Google has not shared any information on whether or not its cloud services are impacted. 

In a second type of Ahoi attack, dubbed WeSee, which only works against AMD SEV-SNP, the researchers managed to use a special interrupt to obtain sensitive VM information such as kernel TLS session keys, corrupt kernel data to disable firewall rules, and open a root shell.

The CVE identifiers CVE-2024-25744, CVE-2024-25743 and CVE-2024-25742 were assigned to the issues related to Ahoi attacks.

Related: ZenHammer Attack Targets DRAM on Systems With AMD CPUs

Related: Major CPU, Software Vendors Impacted by New GhostRace Attack

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.


SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.


People on the Move

Wendy Zheng named as CFO and Joe Diamond as CMO at cyber asset management firm Axonius.

Intelligent document processing company ABBYY has hired Clayton C. Peddy as CISO.

Digital executive protection services provider BlackCloak has appointed Ryan Black as CISO.

More People On The Move

Expert Insights