Ruiyi Zhang

@Rayiizzz

Microarchitectural Security | PhD Candidate at CISPA | Ex Research Intern @Google | #StackWarp #CacheWarp

Joined August 2019
@Rayiizzz
Ruiyi Zhang
15 days
Today we reveal StackWarp: a new CPU vulnerability exploiting a synchronization bug in AMD’s stack engine across Zen 1–5 CPUs. It enables deterministic manipulation of Confidential VM's stack pointer, allowing RCE and privilege escalation via both control- and data-flow hijacking
@Rayiizzz
Ruiyi Zhang
14 days
If an SMT sibling disables it, the RSP delta becomes 'frozen' and is only released to a future execution context when the bit is toggled again. While the underlying bug exists across Zen 1-5, it only poses a security risk in specific scenarios, like within confidential computing.
@Rayiizzz
Ruiyi Zhang
14 days
To clear up some confusion: the root cause lies in the stack engine, a CPU frontend optimization that manages the Stack Pointer (RSP) to reduce backend overhead. We discovered that an undocumented MSR bit acts as a toggle for this optimization. (1/2)
@SecurityWeek
SecurityWeek
15 days
New StackWarp Attack Threatens Confidential VMs on AMD Processors
@Rayiizzz
Ruiyi Zhang
15 days
For more details on the discovery process and our findings, we refer to our research paper, which is published at USENIX Security 2026. paper: https://t.co/Z8ozxKUqIv github: https://t.co/9guHTl8lDu \cc Tristan Hornetz, @weber_daniel, @fth0mas, @misc0110
github.com
Proof-of-concept for the paper "StackWarp: Breaking AMD SEV-SNP Integrity via Deterministic Stack-Pointer Manipulation through the CPU’s Stack Engine" (USENIX Security 2026) - cis...
@kavehrazavi
Kav
18 days
The program for uASC'26 is online https://t.co/HKLjyiNEkl We have some very interesting papers which are already available, so be sure to check them out. Better yet, join us in Leuven next month to listen to the authors! Registration is still open and free but seats are limited.
@shw3ta_shinde
Shweta Shinde
6 months
🔓 Heracles @acm_ccs'25: Breaking AMD’s Confidential Computing! We show that the hypervisor can read and move hardware-encrypted memory on AMD SEV-SNP. We build a chosen-plaintext oracle to leak kernel memory, auth keys, and cookies from "confidential" VMs https://t.co/upHXpLqSeA
heracles-attack.github.io
Breaking AMDs confidential computing solution using a Chosen Plaintext Attack
@kavehrazavi
Kav
9 months
I am chairing the second edition of the microarchitecture security conference (uASC'26). Paper deadline for the first cycle is July 15. Please spread the word, submit, and/or join us in charming Leuven in February 2026! More info:
@kavehrazavi
Kav
9 months
long embargo, but there is a demo with good music at least:
@sparchatus
Sandro
9 months
Disclosing Branch Predictor Race Conditions (BPRC), a new class of vulnerabilities where asynchronous branch predictor operations violate hardware-enforced privilege and context separation in virtually all recent Intel CPUs. @wiknerj @kavehrazavi : https://t.co/sbI0Iqb2PS
@Istvan_A_Seres
Seres István András
9 months
✅ Write constant-time crypto code ☠️ Compiler introduces timing side-channels Do Compilers Break Constant-time Guarantees? https://t.co/x0f0GCmcjC TL;DR: Yes!🥲 👏👏👏Great work @misc0110 & team!
@weber_daniel
Daniel Weber
1 year
Super excited to present our (L. Niemann, @____salmon____, @jan__reineke, @misc0110) newest paper at #ACSAC2024! We show how modern CPU hardware can be leveraged to stop side-channel attacks almost instantly (~200 CPU cycles)! Code/Paper: https://t.co/EEBfQ3uFTC
@0xhilbert
Andreas Kogler
1 year
Excited to announce the release of the Rapid Data Analysis (RDA) framework! RDA streamlines side-channel analysis with plotting, processing, and analysis tools—usable directly from the terminal or in scripts. Check it out: https://t.co/ICGNWGRN1t #SideChannel
@hardwear_io
hardwear.io
1 year
🤔 Want to know how we developed a hardware fuzzer that found the GhostWrite vulnerability? 🔓 This critical hardware flaw bypasses all security isolations on affected CPUs, raising serious concerns for security. 👉 https://t.co/UT5zxJNsxq #rowhammer #hardware #hw_ioNL2024
@Rayiizzz
Ruiyi Zhang
1 year
Congratulations Andi! It's been awesome working with you. Good luck with everything ahead!
@0xhilbert
Andreas Kogler
1 year
I defended my PhD with distinction at @tugraz last friday! 🎉 Thank you to all the friends and folks who made this journey unforgettable. Special shoutout to @lavados, who went above and beyond by designing a game based on a "beer"-idea: Werewolves in the context of academia 🐺🎓
@Rayiizzz
Ruiyi Zhang
1 year
First week as a Research Intern at @Google! Excited to dive into cutting-edge research and solve real-world problems.
@fth0mas
Fabian Thomas
1 year
Want to learn how to get root on the T-Head C910 #RISCV CPU within seconds? Visit our website https://t.co/SSWlMiBI9C covering the #GhostWrite vulnerability. #BlackHat #BHUSA
@fth0mas
Fabian Thomas
1 year
After a long embargo, I'm happy to announce the public launch of our website on our latest finding: GhostWrite. Our research uncovered a critical CPU bug that compromises all security isolations on affected RISC-V hardware. https://t.co/qcVTOZOq4w #GhostWrite #BlackHat #BHUSA
@misc0110
Michael Schwarz
1 year
With the #GhostWrite CPU vulnerability, all isolation boundaries are broken - sandbox/container/VM can't prevent GhostWrite from writing and reading arbitrary physical memory on affected RISC-V CPUs. Deterministic, fast, and reliable - no side channels. https://t.co/qtmosPvuYl