BadRAM flaw in AMD chips exposes cloud computing to hacks


A new vulnerability in AMD chips could undermine the foundational security of cloud computing. Dubbed ‘BadRAM,’ this exploit enables attackers with physical access to manipulate AMD’s Secure Encrypted Virtualisation (SEV) protections. Hackers can bypass encryption safeguards for as little as $10 in off-the-shelf equipment, potentially exposing sensitive data in virtualised environments.

The vulnerability, which has earned its own branded disclosure website and logo, will be formally detailed at the upcoming ‘IEEE Symposium on Security and Privacy 2025.’ Meanwhile, AMD has already released firmware updates to mitigate the threat, urging users to adopt specific security measures to reduce risks.

AMD’s SEV technology is designed to encrypt memory for virtual machines in cloud environments, ensuring that service providers cannot access client data. However, researchers from a consortium of European universities — KU Leuven (Belgium), University of Luebeck (Germany), and University of Birmingham (UK) — have demonstrated a method to circumvent SEV by exploiting the Serial Presence Detect (SPD) chip on memory modules.

The SPD chip stores metadata about the memory module, including its capacity. By tampering with this chip using inexpensive hardware, attackers can deceive the processor into accessing non-existent or ‘ghost’ memory regions.

The process, known as ‘aliasing,’ allows two CPU addresses to map to the same DRAM location, effectively bypassing AMD’s memory protections.
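The aliasing described above can be seen in a toy model, added here as an illustration and not taken from the researchers or AMD. It assumes a simplified module that ignores address bits above its real size (the `dram_t` type, `REAL_WORDS` and `count_aliased` are hypothetical names), and shows how a write-then-verify pass at boot exposes a capacity claim larger than the real storage.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): the module really holds REAL_WORDS words and
 * ignores address bits above that, so any higher "ghost" address wraps onto
 * a real cell. reported_words is the capacity its SPD chip claims. */
#define REAL_WORDS 1024u
#define PATTERN(a) ((uint32_t)(a) ^ 0xA5A5A5A5u)  /* unique value per address */

typedef struct {
    uint32_t cells[REAL_WORDS];
    size_t reported_words;
} dram_t;

void dram_init(dram_t *d, size_t reported_words) {
    memset(d->cells, 0, sizeof d->cells);
    d->reported_words = reported_words;
}

void dram_write(dram_t *d, size_t addr, uint32_t v) { d->cells[addr % REAL_WORDS] = v; }
uint32_t dram_read(const dram_t *d, size_t addr) { return d->cells[addr % REAL_WORDS]; }

/* Boot-time consistency check: give every reported address its own value,
 * then read everything back. A mismatch means another address overwrote the
 * same cell, i.e. the reported capacity exceeds the real storage.
 * Returns the number of clobbered addresses (0 = capacity claim holds). */
size_t count_aliased(dram_t *d) {
    size_t clobbered = 0;
    for (size_t a = 0; a < d->reported_words; a++)
        dram_write(d, a, PATTERN(a));
    for (size_t a = 0; a < d->reported_words; a++)
        if (dram_read(d, a) != PATTERN(a))
            clobbered++;
    return clobbered;
}

int main(void) {
    dram_t honest, tampered;
    dram_init(&honest, REAL_WORDS);        /* SPD reports the true size */
    dram_init(&tampered, 2 * REAL_WORDS);  /* SPD claims double the size */
    printf("honest:   %zu aliased addresses\n", count_aliased(&honest));
    printf("tampered: %zu aliased addresses\n", count_aliased(&tampered));
    return 0;
}
```

In the tampered case every address in the lower half reads back the value written through its ghost twin, which is why address-based memory protections stop holding once the reported capacity is wrong.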

“We found that tampering with the embedded SPD chip on commercial DRAM modules allows attackers to bypass SEV protections — including AMD’s latest SEV-SNP version. For less than $10 in off-the-shelf equipment, we can trick the processor into allowing access to encrypted memory. We build on this BadRAM attack primitive to completely compromise the AMD SEV ecosystem, faking remote attestation reports and inserting backdoors into any SEV-protected VM,” researchers said.

The implications are serious for cloud computing services such as AWS, Google, Microsoft, and IBM. While exploiting BadRAM requires physical access to the hardware — something that malicious insiders or law enforcement agents could achieve — it underscores vulnerabilities in the physical security of data centres.

The BadRAM exploit could also be adapted for remote attacks if memory module manufacturers fail to lock their SPD chips. In such cases, attackers with kernel-level access could modify the SPD remotely after the system boots, expanding the threat landscape to include remote attackers.

However, the researchers said there is no evidence of the vulnerability being exploited in the wild. Furthermore, Intel chips reportedly already include mitigations against such attacks, and the researchers could not test Arm chips as commercial modules were unavailable.

AMD has issued firmware updates to address the vulnerability and recommended several countermeasures. These include using memory modules that lock SPD chips and adhering to strict physical security best practices.

As Recorded Future reports, AMD “believes exploiting the disclosed vulnerability requires an attacker either having physical access to the system, operating system kernel access on a system with unlocked memory modules, or installing a customised, malicious BIOS.”

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me
