Researchers claim an AMD security flaw could let hackers access encrypted data
Using only a $10 test rig, researchers were able to pull off the badRAM attack
Researchers have exposed an issue with the memory implementation on AMD’s data center chips that could threaten the integrity of data, but the chipmaker has hit back at the claims.
In a paper due to be presented at IEEE in 2025, researchers from University of Lübeck, KU Leven, and University of Birmingham highlighted a potential weakness in AMD’s secure encrypted virtualization (SEV) technology.
Dubbed ‘badRAM’, the paper outlines how attackers could manipulate the SEV system to allow unauthorized access to encrypted memory on the processor.
In a post dedicated to explaining the badRAM attack, researchers explained how the SEV technology was intended to protect processor memory in virtual machine (VM) environments through encryption.
“AMD's Secure Encrypted Virtualization (SEV) is a cutting-edge technology that protects privacy and trust in cloud computing by encrypting a virtual machine's (VM's) memory and isolating it from advanced attackers, even those compromising critical infrastructure like the virtual machine manager or firmware.”
But the paper warned that if correctly exploited the threat actors could access data used by the microprocessor, and potentially read and even overwrite the encrypted content.
The researchers further detailed the underlying premise of the exploit, whereby attackers could use “rogue memory modules” to deliberately provide false information to the processor during startup.
Using a test rig that cost them just $10, kitted out with a Raspberry Pi Pico, and a DIMM socket to hold the RAM, the team was able to successfully exploit the flaw by fiddling with the serial presence detect (SPD) metadata to circumvent the SEV encryption.
“We found that tampering with the embedded SPD chip on commercial DRAM modules allows attackers to bypass SEV protections — including AMD’s latest SEV-SNP version,” the badRAM.eu website explains.
“For less than $10 in off-the-shelf equipment, we can trick the processor into allowing access to encrypted memory. We build on this BadRAM attack primitive to completely compromise the AMD SEV ecosystem, faking remote attestation reports and inserting backdoors into any SEV-protected VM.”
BadRAM flaw only medium severity due to high barrier to entry for attackers
In a security bulletin issued by AMD the chip giant outlined the issue, tracked as SB-3015 as follows.
“A team of researchers has reported to AMD that it may be possible to modify serial presence detect (SPD) metadata to make an attached memory module appear larger than it is, potentially allowing an attacker to overwrite physical memory.”
The CVE description described the issue as stemming from improper input validation for DIM SPD metadata that would allow an attacker with certain levels of access to potentially overwrite guest memory.
The issue was only classified as a medium severity threat warranting a 5.3 rating on the CVSS owing to the high level of access required by a potential attacker.
RELATED WHITEPAPER
AMD said the issue is better described as a memory implementation issue, rather than an AMD product vulnerability, adding that the barriers to executing the attack are very high, explaining it being given a medium severity rating.
In a statement given to ITPro, AMD outlined the types of access that an attacker would need to exploit the issue, providing some mitigation strategies clients can take.
“AMD believes exploiting the disclosed vulnerability requires an attacker either having physical access to the system, operating system kernel access on a system with unlocked memory modules, or installing a customized, malicious BIOS,” AMD advised.
“AMD recommends utilizing memory modules that lock Serial Presence Detect (SPD), as well as following physical system security best practices. AMD has also released firmware updates to customers to mitigate the vulnerability.”
-
Scalper bots are running riot as memory shortages continueNews DataDome says bots are driving up the price of DRAM even further thanks to AI demand
-
Xiaomi Pad 8 Pro reviewReviews Xiaomi's newest entry offers strong performance, a vibrant 11-inch screen and a blockbuster battery life to maximize productivity
-
Security agencies issue warning over critical Cisco Catalyst SD-WAN vulnerabilityNews Threat actors have been exploiting the vulnerability to achieve root access since 2023
-
Millions of developers could be impacted by flaws in Visual Studio Code extensions – here's what you need to know and how to protect yourselfNews The VS Code vulnerabilities highlight broader IDE security risks, said OX Security
-
CVEs are set to top 50,000 this year, marking a record high – here’s how CISOs and security teams can prepare for a looming onslaughtNews While the CVE figures might be daunting, they won't all be relevant to your organization
-
Microsoft patches six zero-days targeting Windows, Word, and more – here’s what you need to knowNews Patch Tuesday update targets large number of vulnerabilities already being used by attackers
-
Experts welcome EU-led alternative to MITRE's vulnerability tracking schemeNews The EU-led framework will reduce reliance on US-based MITRE vulnerability reporting database
-
Veeam patches Backup & Replication vulnerabilities, urges users to updateNews The vulnerabilities affect Veeam Backup & Replication 13.0.1.180 and all earlier version 13 builds – but not previous versions.
-
Two Fortinet vulnerabilities are being exploited in the wild – patch nowNews Arctic Wolf and Rapid7 said security teams should act immediately to mitigate the Fortinet vulnerabilities
-
Everything you need to know about Google and Apple’s emergency zero-day patchesNews A serious zero-day bug was spotted in Chrome systems that impacts Apple users too, forcing both companies to issue emergency patches
