Key Findings

• Researchers have disclosed a new hardware vulnerability, codenamed "StackWarp", affecting AMD Zen 1 through Zen 5 processors.

• The flaw can be exploited to bypass AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) protections, allowing attackers to run malicious code within confidential virtual machines (CVMs).

• StackWarp targets a synchronization bug in the CPU's stack engine, a microarchitectural optimization responsible for accelerated stack operations.

• The vulnerability enables an attacker to deterministically control the stack pointer inside a protected VM, allowing them to hijack control and data flow for remote code execution and privilege escalation.

• Proof-of-concept exploits demonstrate how StackWarp can be used to bypass OpenSSH password authentication and obtain root-level access in SEV-SNP environments.

Background

AMD Secure Encrypted Virtualization (SEV) is a CPU extension designed to provide a higher level of security for virtual machines (VMs) running on untrusted hypervisors. The latest iteration, SEV-SNP, enhances this protection by preventing the hypervisor from modifying the contents of a VM's memory.

However, the newly disclosed StackWarp vulnerability shows that this security guarantee can still be undermined. The flaw targets a microarchitectural optimization called the "stack engine", which is responsible for managing stack pointer updates in the CPU frontend.

StackWarp: Exploiting the Stack Engine

The stack engine tracks a speculative "running delta" of stack pointer changes to improve performance, periodically merging this delta back into the architectural stack pointer register. StackWarp exploits a synchronization issue in this process, allowing an attacker to deterministically control the stack pointer inside a protected VM.

By manipulating the stack pointer, the attacker can hijack control and data flow, leading to remote code execution and privilege escalation within the SEV-SNP environment. This enables bypassing security mechanisms like OpenSSH password authentication and obtaining root-level access.

Impact and Mitigation

The StackWarp vulnerability affects a wide range of AMD processors, including the EPYC 7003, 8004, 9004, and 9005 series, as well as the corresponding EPYC Embedded processors.

AMD has released microcode updates to address the issue, with additional AGESA patches scheduled for April 2026. Cloud providers and system administrators are advised to apply these updates and consider temporarily disabling hyperthreading on affected systems to mitigate the risk.

The discovery of StackWarp highlights the importance of carefully examining microarchitectural optimizations and their potential security implications, even in the context of hardware-based isolation mechanisms like SEV-SNP.

Sources

• https://thehackernews.com/2026/01/new-stackwarp-hardware-flaw-breaks-amd.html

• https://stackwarpattack.com/

• https://www.cyberkendra.com/2026/01/amd-cpus-expose-critical-flaw-stackwarp.html