GHSA-g9ww-x58f-9g6m: Contrast BadAML injection allows arbitrary code execution

An attacker with control over the host (which is assumed in the attacker model of Contrast) can execute malicious AML code to gain arbitrary code execution within the confidential guest.

AML is byte code embedded in ACPI tables that are passed from the host (QEMU) to the guest firmware (OVMF), and then passed from OVMF to the Linux kernel. The Linux kernel has an interpreter that executes the AML code. An attacker can craft a table with malicious AML code and the kernel will execute it. AML is Turing-complete and the interpreter has access to the full guest memory, including private pages.

See the paper for a detailed description and background of the attack.

Note that this is not a vulnerability specific to Contrast, but rather a generic vulnerability in Confidential Computing setups that use the ACPI interface.