SEV is a feature that uses one security key per VM to isolate guests and the hypervisor from one another. Those keys are managed by the AMD Secure Processor. It is a hardware-level feature that gives each guest VM its own security key to encrypt and decrypt portions of RAM as needed. The idea is to protect data in memory from being accessed by unauthorized users.
That is how it works in theory, anyway. Back in February, security researchers discovered a bug in the code that could allow an attacker to run what is called an invalid curve attack. Without getting too technical, this has to do with the elliptic-curve algorithm a VM uses to generate keys.
"Through ongoing collaboration with industry researchers AMD became aware that, if using the user-selectable AMD secure encryption feature on a virtual machine running the Linux operating system, an encryption key could be compromised by manipulating the encryption technology’s behavior," AMD told The Register.
"AMD released firmware-based cryptography updates to our ecosystem partners and on the AMD website to remediate this risk."
It's not clear how much of a real-world threat this exploit truly poses. According to AMD, an attacker would need access to the management interfaces of SEV with "sufficient privileges." Depending on how the SEV is used, that may or may not be admin privileges, AMD said.