A gaggle of teachers from KU Leuven and the College of Birmingham has demonstrated a brand new vulnerability known as Battering RAM to bypass the newest defenses on Intel and AMD cloud processors.
“We constructed a easy, $50 interposer that sits quietly within the reminiscence path, behaving transparently throughout startup and passing all belief checks,” researchers Jesse De Meulemeester, David Oswald, Ingrid Verbauwhede, and Jo Van Bulck mentioned on a web site publicizing the findings. “Later, with only a flip of a change, our interposer turns malicious and silently redirects protected addresses to attacker-controlled areas, permitting corruption or replay of encrypted reminiscence.”
Battering RAM compromises Intel’s Software program Guard Extensions (SGX) and AMD’s Safe Encrypted Virtualization with Safe Nested Paging (SEV-SNP) {hardware} security measures, which be certain that buyer knowledge stays encrypted in reminiscence and guarded throughout use.
It impacts all programs utilizing DDR4 reminiscence, particularly these counting on confidential computing workloads working in public cloud environments to safe knowledge from the cloud service supplier utilizing hardware-level entry management and reminiscence encryption.
The assault, in a nutshell, includes leveraging a custom-built, low-cost DDR4 interposer {hardware} hack to stealthily redirect bodily addresses and achieve unauthorized entry to protected reminiscence areas. The interposer makes use of straightforward analog switches to actively manipulate indicators between the processor and reminiscence, and could be constructed for lower than $50.
On Intel platforms, Battering RAM achieves arbitrary learn entry to sufferer plaintext or write plaintext into sufferer enclaves, whereas on AMD programs, the assault can be utilized to sidestep current firmware mitigations towards BadRAM, which was documented by the researchers again in December 2024, and introduce arbitrary backdoors into the digital machine with out elevating any suspicion.
Profitable exploitation of the vulnerability can permit a rogue cloud infrastructure supplier or insider with restricted bodily entry to compromise distant attestation and allow the insertion of arbitrary backdoors into protected workloads.
The vulnerability was reported to the distributors earlier this yr, following which Intel, AMD, and Arm responded that bodily assaults are at present thought of out of scope. Nevertheless, defending towards Battering RAM would require a elementary redesign of reminiscence encryption itself, the researchers famous.
“Battering RAM exposes the elemental limits of the scalable reminiscence encryption designs at present utilized by Intel and AMD, which omit cryptographic freshness checks in favor of bigger protected reminiscence sizes,” they added. “Battering RAM […] is able to introducing reminiscence aliases dynamically at runtime. In consequence, Battering RAM can circumvent Intel’s and AMD’s boot-time alias checks.”
The disclosure comes as AMD launched mitigations for assaults dubbed Heracles and Relocate-Vote disclosed by the College of Toronto and ETH Zürich, respectively, that may leak delicate knowledge from cloud environments and confidential digital machines that depend on AMD’s SEV-SNP know-how by way of a malicious hypervisor.
“The system lets the hypervisor transfer knowledge round to handle reminiscence effectively,” David Lie, director of the Schwartz Reisman Institute (SRI) on the College of Toronto, mentioned. “So when knowledge is relocated, AMD’s {hardware} decrypts it from the previous location and re-encrypts it for the brand new location. However, what we discovered was that by doing this again and again, a malicious hypervisor can study recurring patterns from inside the knowledge, which might result in privateness breaches.”
Final month, ETH Zürich researchers additionally demonstrated {that a} CPU optimization referred to as the stack engine could be abused as a facet channel for assaults that result in info leakage. A proof-of-concept (PoC) has been developed for AMD Zen 5 machines, though it is believed that each one fashions have this “abusable {hardware} characteristic.”
The invention of Battering RAM additionally follows a report from Vrije Universiteit Amsterdam researchers a couple of new, lifelike assault approach known as L1TF Reloaded that mixes L1 Terminal Fault (aka Foreshadow) and Half-Spectre devices (aka incomplete Spectre-like code patterns) to leak reminiscence from digital machines working on public cloud providers.
“L1TF is a CPU vulnerability that enables an (attacker) VM to speculatively learn any knowledge residing within the (core-local) L1 knowledge cache – together with knowledge the VM should not have entry to,” VUSec researchers mentioned. “At a excessive degree, L1TF Reloaded abuses this to acquire an arbitrary RAM learn primitive.”
Google, which offered the researchers with a sole-tenant node so as to conduct the analysis safely with out probably affecting every other prospects, awarded a $151,515 bug bounty and “utilized fixes to the affected belongings.” Amazon mentioned the L1TF Reloaded vulnerability doesn’t influence the visitor knowledge of AWS prospects working on the AWS Nitro System or Nitro Hypervisor.
Spectre, which first got here to mild in early 2018, continues to hang-out trendy CPUs, albeit within the type of completely different variants. As lately as two weeks in the past, teachers from ETH Zürich devised a brand new assault referred to as VMScape (CVE-2025-40300, CVSS rating: 6.5) that breaks virtualization boundaries in AMD Zen CPUs and Intel Espresso Lake processors.
Described as a Spectre department goal injection (Spectre-BTI) assault focusing on the cloud, it exploits isolation gaps throughout host and visitor in consumer and supervisor modes to leak arbitrary reminiscence from an unmodified QEMU course of. A software program repair has been launched within the Linux kernel to counter the cross-virtualization BTI (vBTI) assault primitive.
“VMScape can leak the reminiscence of the QEMU course of on the charge of 32 B/s on AMD Zen 4,” the authors mentioned in a research. “We use VMScape to seek out the placement of secret knowledge and leak the key knowledge, all inside 772 s, extracting the cryptographic key used for disk encryption/decryption for instance.”
