The security mechanism that AMD uses to protect the memory of virtual machines can be bypassed using the $5 single-board Raspberry Pi Pico computer. This was discovered by a group of scientists from Belgium, Germany and Great Britain who developed the BadRAM attack plan.

AMD has developed Secure Encrypted Virtualization (SEV) technology, which enables the creation of a trusted execution environment (TEE). Competitors have similar solutions: Intel’s Software Guard Extensions (SGX) and Trusted Domain Extensions (TDX) as well as Arm Confidential Computing Architecture (CCA). These technologies are used by cloud service providers and ensure that administrators with access to data center equipment cannot copy sensitive information from customers’ virtual machines. By encrypting information in memory, clients of cloud platforms are protected from unreliable service providers and unscrupulous authority representatives.

Scientists have investigated a new version of such a technology: AMD SEV-SNP (Secure Nested Paging), which protects against attacks by memory reallocation from the hypervisor. But as it turned out, this technology has its drawbacks. To bypass memory access restrictions in TEE, a Raspberry Pi Pico single-board computer, DDR slot, and 9V battery are required. The BadRAM attack proposed by scientists involves misusing the mechanisms of the SPD (Serial Presence Detection) chip, which is responsible for identifying the module by the system. With the help of SPD manipulations, aliases are created in physical memory, which allows you to examine its contents for secret information.

During the attack, the apparent size of the DIMM module installed in the system doubles; This allows you to trick the central processor’s memory controller and force it to use additional addressing bits. As a result, the same DRAM location is referenced by two physical addresses. The method works with DDR4 and DDR5 memory. Theoretically, the attack can be performed without physical access to the hardware such as SSH, as some DRAM vendors leave the SPD chip unlocked. This was found on two DDR4 modules from Corsair. To attack DDR3 you need to remove or replace the SPD. AMD SEV-SNP technology is used in Amazon AWS, Google Cloud and Microsoft Azure. Scientists say BadRAM attack scheme allows splicing Undetectable backdoors to any SEV-protected virtual machine “.

Current Intel SGX and TDX technologies are not affected by this vulnerability due to implemented countermeasures that prevent memory aliases from being created. Only the old version of SGX that is no longer used by the manufacturer is vulnerable. Arm CCA is also maintained at specification level, but researchers were unable to verify this due to lack of equipment. The attack diagram and sample code were sent to AMD on February 26, 2024. They plan to present their findings at the IEEE Security and Privacy Symposium in 2025. The company registered the vulnerability under numbers CVE-2024-21944 and AMD-SB-3015; Information about these was published the day before.

AMD believes that exploitation of the disclosed vulnerability requires an attacker to have physical access to the system, access to the operating system kernel, or have a modified malicious BIOS installed. AMD recommends using memory modules with Serial Presence Detection (SPD) disabled and following best practices for physical system security. AMD has also released a firmware update to customers that mitigates this vulnerability.”– the company told the source The Register.