Presentation at Black Hat Europe 2024
AML Injection Attacks on Confidential VMs

Satoru Takegoshi (The University of Tokyo) and Manami Mori (Tokyo Metropolitan University), along with Takaaki Fukai (National Institute of Advanced Industrial Science and Technology), presented our research findings at Black Hat Europe 2024, one of the world’s largest security conferences.
This research demonstrated the feasibility of arbitrary code execution from the host against Confidential Virtual Machines (Confidential VMs), a technology that has gained popularity in recent years. Confidential VMs are a mechanism that enables virtual machines to be used securely without having to trust the cloud provider: the memory contents of the virtual machine are encrypted, and attestation is performed using CPU functionality.
The proposed AML Injection Attack leverages a legacy interface that allows the hypervisor to dynamically inject ACPI tables after the virtual machine has been launched. Because the guest OS interprets and executes the bytecode contained in those tables, known as ACPI Machine Language (AML), this method enables precise manipulation of memory contents within the guest OS. The study successfully demonstrated arbitrary code execution with kernel privileges in the guest OS.