CyberHappenings logo
Home Browse About

Track cybersecurity events as they unfold. Sourced timelines. Filter, sort, and browse. Fast, privacy‑respecting. No invasive ads, no tracking.

Battering RAM Attack Bypasses Intel and AMD Cloud Security Protections

First reported
Last updated
2 unique sources, 3 articles

Summary

Hide ▲

A group of academics from KU Leuven and the University of Birmingham have demonstrated a new vulnerability called Battering RAM. This vulnerability bypasses the latest defenses on Intel and AMD cloud processors, compromising Intel's Software Guard Extensions (SGX) and AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP). The attack leverages a custom-built, low-cost DDR4 interposer hardware hack to stealthily redirect physical addresses and gain unauthorized access to protected memory regions. The vulnerability affects systems using DDR4 memory, particularly those relying on confidential computing workloads in public cloud environments. Successful exploitation can allow a rogue cloud infrastructure provider or insider with limited physical access to compromise remote attestation and enable the insertion of arbitrary backdoors into protected workloads. The vulnerability was reported to the vendors earlier this year, but defending against Battering RAM would require a fundamental redesign of memory encryption itself. The attack is an evolution of the previous BadRAM attack, which exploited physical address aliasing to modify and replay encrypted memory on AMD SEV-SNP systems. The Battering RAM attack introduces dynamic memory aliases at runtime, allowing it to bypass Intel's and AMD's mitigations for BadRAM. Researchers from Georgia Institute of Technology and Purdue University have demonstrated a new attack called WireTap that also bypasses Intel's SGX security guarantees. WireTap uses a DDR4 memory-bus interposer to passively decrypt sensitive data, exploiting Intel's deterministic encryption. The WireTap attack can extract an SGX secret attestation key, allowing an attacker to sign arbitrary SGX enclave reports. WireTap and Battering RAM attacks are complementary, focusing on confidentiality and integrity respectively. WireTap can be used to undermine confidentiality and integrity guarantees in SGX-backed blockchain deployments. Intel and AMD have acknowledged the exploits but consider physical attacks on DRAM out of scope for their current products. Intel's cryptographic integrity protection mode of Intel Total Memory Encryption-Multi-Key (Intel TME-MK) can provide additional protection against alias-based attacks. The researchers' exploits demonstrate that confidential computing is not invincible, and defenders should reevaluate threat models to better understand and prepare for physical attacks.

Timeline

  1. 01.10.2025 20:20 1 articles · 6d ago

    WireTap Attack Demonstrated to Extract Intel SGX ECDSA Key

    Researchers from Georgia Institute of Technology and Purdue University have demonstrated a new attack called WireTap that bypasses Intel's SGX security guarantees. WireTap uses a DDR4 memory-bus interposer to passively decrypt sensitive data, exploiting Intel's deterministic encryption. The WireTap attack can extract an SGX secret attestation key, allowing an attacker to sign arbitrary SGX enclave reports. WireTap and Battering RAM attacks are complementary, focusing on confidentiality and integrity respectively. The article also highlights the potential impact of WireTap on SGX-backed blockchain deployments and Intel's stance on the exploit.

    Show sources
    Open in new tab
  2. 30.09.2025 21:42 3 articles · 7d ago

    Battering RAM Attack Bypasses Intel and AMD Cloud Security Protections

    The attack is an evolution of the previous BadRAM attack, which exploited physical address aliasing to modify and replay encrypted memory on AMD SEV-SNP systems. The Battering RAM attack introduces dynamic memory aliases at runtime, allowing it to bypass Intel's and AMD's mitigations for BadRAM. The attack requires one-time physical access to the hardware system, which could be achieved by an insider or someone in the supply chain. Intel and AMD have acknowledged the exploit but consider physical attacks on DRAM out of scope for their current products. Intel's cryptographic integrity protection mode of Intel Total Memory Encryption-Multi-Key (Intel TME-MK) can provide additional protection against alias-based attacks. The researchers' exploit demonstrates that confidential computing is not invincible, and defenders should reevaluate threat models to better understand and prepare for physical attacks. Researchers from Georgia Institute of Technology and Purdue University have demonstrated a new attack called WireTap that also bypasses Intel's SGX security guarantees. WireTap uses a DDR4 memory-bus interposer to passively decrypt sensitive data, exploiting Intel's deterministic encryption. The WireTap attack can extract an SGX secret attestation key, allowing an attacker to sign arbitrary SGX enclave reports. WireTap and Battering RAM attacks are complementary, focusing on confidentiality and integrity respectively. The article also highlights the potential impact of WireTap on SGX-backed blockchain deployments and Intel's stance on the exploit.

    Show sources
    Open in new tab

Information Snippets

Similar Happenings

UNC5174 Exploits VMware Zero-Day Privilege Escalation Since October 2024

A China-linked threat actor, UNC5174, has been exploiting a zero-day privilege escalation vulnerability in VMware products since mid-October 2024. The flaw, CVE-2025-41244, affects multiple VMware products and allows local attackers to escalate privileges to root on affected virtual machines. The vulnerability was discovered in May 2025 and patched in VMware Tools 12.4.9 and later versions. The flaw is rooted in the get_version() function, which can be exploited by placing a malicious binary in a writable directory. UNC5174 has been observed using this method to gain elevated access and execute code on compromised systems. The exact payload and nature of the attacks remain unclear. Broadcom has confirmed the patch for the vulnerability in VMware Aria Operations and VMware Tools. NVISO released a proof-of-concept exploit demonstrating privilege escalation on vulnerable VMware software. UNC5174 has been linked to previous attacks on U.S. defense contractors, UK government entities, Asian institutions, and the cybersecurity firm SentinelOne, exploiting vulnerabilities such as F5 BIG-IP CVE-2023-46747 and ConnectWise ScreenConnect flaw. The exploitation of CVE-2025-41244 is considered trivial, potentially benefiting multiple malware strains. NVISO identified the vulnerability in mid-May 2025 during an incident response engagement with UNC5174. Broadcom disclosed three vulnerabilities on September 29, 2025, including CVE-2025-41244. The CVSS severity rating for CVE-2025-41244 is 7.8, classified as high.

Open in new tab

Phoenix attack bypasses Rowhammer defenses in DDR5 memory

A new Rowhammer attack variant, Phoenix, bypasses DDR5 Rowhammer defenses in SK Hynix memory chips. The attack exploits specific refresh intervals and synchronization methods to flip bits, enabling privilege escalation, data corruption, or unauthorized access. The vulnerability, tracked as CVE-2025-6202, affects all DDR5 DIMM RAM modules produced between January 2021 and December 2024. The attack was developed by researchers at ETH Zurich University and Google, who demonstrated its effectiveness on 15 DDR5 memory chips. The vulnerability allows attackers to gain root privileges in under two minutes on a commodity DDR5 system. The attack can exploit RSA-2048 keys of a co-located virtual machine to break SSH authentication and use the sudo binary to escalate local privileges to the root user. Mitigation involves tripling the DRAM refresh interval, but this may cause system instability.

Open in new tab

VMScape attack breaks guest-host isolation on AMD, Intel CPUs

A new speculative execution attack named VMScape allows malicious virtual machines (VMs) to leak cryptographic keys from an unmodified QEMU hypervisor process running on modern AMD or Intel CPUs. The attack bypasses existing Spectre mitigations and threatens to leak sensitive data by leveraging speculative execution. It affects all AMD Zen 1 to Zen 5 processors and Intel’s Coffee Lake CPUs, but not Raptor Cove or Gracemont. The attack does not require compromising the host and works on unmodified virtualization software with default mitigations enabled on the hardware. The VMScape attack targets QEMU, the user-mode hypervisor component, by influencing indirect branch prediction in a host user process due to shared Branch Prediction Unit (BPU) structures. The attack uses a Spectre-BTI (Branch Target Injection) technique to misguide a target indirect branch in QEMU, enabling the leakage of secret data. The ETH Zurich research team reported the findings to AMD and Intel, who have released patches and security bulletins. Linux kernel developers have also released patches to mitigate the issue.

Open in new tab

Apple introduces Memory Integrity Enforcement in iPhone 17 and iPhone Air

Apple has introduced Memory Integrity Enforcement (MIE) in its new iPhone 17 and iPhone Air models. MIE provides continuous memory safety protection across critical attack surfaces, including the kernel and over 70 userland processes, without impacting device performance. The feature is designed to prevent memory corruption vulnerabilities, which are often exploited by mercenary spyware in targeted attacks. MIE leverages Enhanced Memory Tagging Extension (EMTE) and Tag Confidentiality Enforcement (TCE) to block common vulnerabilities like buffer overflows and use-after-free bugs. These enhancements make it significantly harder for attackers to exploit memory corruption flaws.

Open in new tab

Two Android zero-day vulnerabilities exploited in targeted attacks

Google has released security updates for September 2025 to address 111 vulnerabilities in Android, including two zero-day flaws actively exploited in targeted attacks. The vulnerabilities, CVE-2025-38352 and CVE-2025-48543, allow for local privilege escalation without additional execution privileges or user interaction. The updates include two patch levels, 2025-09-01 and 2025-09-05, to provide flexibility for Android partners. The flaws affect the Linux Kernel and Android Runtime components. Google has not disclosed specific details about the attacks but has acknowledged limited, targeted exploitation. Benoît Sevens of Google's Threat Analysis Group (TAG) discovered the Linux Kernel flaw, suggesting it may have been used in targeted spyware attacks. The updates also address several other vulnerabilities, including remote code execution, privilege escalation, information disclosure, and denial-of-service issues in Framework and System components. The September 2025 update covers Android 13 through 16 and includes fixes for 27 Qualcomm components, bringing the total number of fixed flaws to 111. The September 2025 Android patches address 111 unique CVEs. The Linux kernel vulnerability (CVE-2025-38352) is a race condition related to POSIX CPU timers. The Android Runtime zero-day (CVE-2025-48543) is resolved in the 2025-09-01 security patch level. The 2025-09-05 security patch level fixes the Linux kernel bug and 51 other issues affecting various components. Google rolled out Pixel security updates resolving 23 vulnerabilities specific to Pixel devices. All vulnerabilities in the Android bulletin are resolved with updates to Wear OS, Pixel Watch, and Automotive OS.

Open in new tab