A bunch of teachers from KU Leuven and the College of Birmingham has demonstrated a brand new vulnerability referred to as Battering RAM to bypass the most recent defenses on Intel and AMD cloud processors.
“We constructed a easy, $50 interposer that sits quietly within the reminiscence path, behaving transparently throughout startup and passing all belief checks,” researchers Jesse De Meulemeester, David Oswald, Ingrid Verbauwhede, and Jo Van Bulck stated on a web site publicizing the findings. “Later, with only a flip of a swap, our interposer turns malicious and silently redirects protected addresses to attacker-controlled places, permitting corruption or replay of encrypted reminiscence.”
Battering RAM compromises Intel’s Software program Guard Extensions (SGX) and AMD’s Safe Encrypted Virtualization with Safe Nested Paging (SEV-SNP) {hardware} security options, which be certain that buyer information stays encrypted in reminiscence and guarded throughout use.
It impacts all techniques utilizing DDR4 reminiscence, particularly these counting on confidential computing workloads working in public cloud environments to safe information from the cloud service supplier utilizing hardware-level entry management and reminiscence encryption.
The assault, in a nutshell, includes leveraging a custom-built, low-cost DDR4 interposer {hardware} hack to stealthily redirect bodily addresses and achieve unauthorized entry to protected reminiscence areas. The interposer makes use of straightforward analog switches to actively manipulate indicators between the processor and reminiscence, and will be constructed for lower than $50.
On Intel platforms, Battering RAM achieves arbitrary learn entry to sufferer plaintext or write plaintext into sufferer enclaves, whereas on AMD techniques, the assault can be utilized to sidestep current firmware mitigations in opposition to BadRAM, which was documented by the researchers again in December 2024, and introduce arbitrary backdoors into the digital machine with out elevating any suspicion.
Profitable exploitation of the vulnerability can permit a rogue cloud infrastructure supplier or insider with restricted bodily entry to compromise distant attestation and allow the insertion of arbitrary backdoors into protected workloads.
The vulnerability was reported to the distributors earlier this yr, following which Intel, AMD, and Arm responded that bodily assaults are presently thought-about out of scope. Nevertheless, defending in opposition to Battering RAM would require a elementary redesign of reminiscence encryption itself, the researchers famous.
“Battering RAM exposes the elemental limits of the scalable reminiscence encryption designs presently utilized by Intel and AMD, which omit cryptographic freshness checks in favor of bigger protected reminiscence sizes,” they added. “Battering RAM […] is able to introducing reminiscence aliases dynamically at runtime. In consequence, Battering RAM can circumvent Intel’s and AMD’s boot-time alias checks.”
The disclosure comes as AMD launched mitigations for assaults dubbed Heracles and Relocate-Vote disclosed by the College of Toronto and ETH Zürich, respectively, that may leak delicate information from cloud environments and confidential digital machines that depend on AMD’s SEV-SNP expertise by way of a malicious hypervisor.
“The system lets the hypervisor transfer information round to handle reminiscence effectively,” David Lie, director of the Schwartz Reisman Institute (SRI) on the College of Toronto, stated. “So when information is relocated, AMD’s {hardware} decrypts it from the previous location and re-encrypts it for the brand new location. However, what we discovered was that by doing this time and again, a malicious hypervisor can be taught recurring patterns from throughout the information, which may result in privateness breaches.”
Final month, ETH Zürich researchers additionally demonstrated {that a} CPU optimization generally known as the stack engine will be abused as a aspect channel for assaults that result in data leakage. A proof-of-concept (PoC) has been developed for AMD Zen 5 machines, though it is believed that each one fashions have this “abusable {hardware} function.”
The invention of Battering RAM additionally follows a report from Vrije Universiteit Amsterdam researchers a few new, real looking assault approach known as L1TF Reloaded that mixes L1 Terminal Fault (aka Foreshadow) and Half-Spectre devices (aka incomplete Spectre-like code patterns) to leak reminiscence from digital machines working on public cloud companies.
“L1TF is a CPU vulnerability that permits an (attacker) VM to speculatively learn any information residing within the (core-local) L1 information cache – together with information the VM should not have entry to,” VUSec researchers stated. “At a excessive degree, L1TF Reloaded abuses this to acquire an arbitrary RAM learn primitive.”
Google, which offered the researchers with a sole-tenant node in an effort to conduct the analysis safely with out probably affecting some other clients, awarded a $151,515 bug bounty and “utilized fixes to the affected belongings.” Amazon stated the L1TF Reloaded vulnerability doesn’t influence the visitor information of AWS clients working on the AWS Nitro System or Nitro Hypervisor.
Spectre, which first got here to mild in early 2018, continues to hang-out fashionable CPUs, albeit within the type of totally different variants. As just lately as two weeks in the past, teachers from ETH Zürich devised a brand new assault generally known as VMScape (CVE-2025-40300, CVSS rating: 6.5) that breaks virtualization boundaries in AMD Zen CPUs and Intel Espresso Lake processors.
Described as a Spectre department goal injection (Spectre-BTI) assault concentrating on the cloud, it exploits isolation gaps throughout host and visitor in consumer and supervisor modes to leak arbitrary reminiscence from an unmodified QEMU course of. A software program repair has been launched within the Linux kernel to counter the cross-virtualization BTI (vBTI) assault primitive.
“VMScape can leak the reminiscence of the QEMU course of on the price of 32 B/s on AMD Zen 4,” the authors stated in a examine. “We use VMScape to seek out the placement of secret information and leak the key information, all inside 772 s, extracting the cryptographic key used for disk encryption/decryption for instance.”
