A few days ago a team of Researchers have unveiled a new attack concept called «BadRAM» Listed under CVE-2024-21944, this attack can Compromise Protected Environments Using the SEV-SNP Extension on AMD Processors, bypassing the authentication mechanism. This attack requires, in most cases, physical access to memory modules and the ability to execute code at the ring0 level on the host system hosting protected virtual environments.
Extensions AMD SEV are designed to ensure memory integrity of virtual machines, protecting them from manipulation and analysis performed by host system administrators operating at the hypervisor level.
Initially, AMD SEV only encrypted guest memory and isolated registers, but the Newer versions of EPYC processors incorporated the SEV-SNP extension (Secure Nested Paging). This extension improves security by checking memory page tables and ensuring that guest system memory cannot be manipulated from the hypervisor.
The mechanism SEV-SNP was implemented with the aim of preventing external entities, such as data center personnel or cloud service providers, from interfering with the operation of protected systems. However, the attack BadRAM uses a different approach that exploits SPD metadata (Serial Presence Detect) of DDR4 and DDR5 modules.
By modifying this metadata, An attacker can overwrite encrypted data in memory from a guest system, without the need to decipher the content, and breach the cryptographic attestation mechanism that ensures the integrity of virtual machines. This could allow, for example, backdoors to be introduced into protected systems without being detected.
The attack works by manipulating the SPD parameters to trick the processor into making to access fictitious memory addresses (these non-existent addresses are redirected to real areas of DRAM that are already in use).
Using this technique, An attacker can create a multiple mapping in physical memorya, by having different addresses point to the same memory space. This not only bypasses the CPU’s memory protection mechanisms, but also enables access to real encrypted data through dummy addresses. In short, the method allows attackers to interfere with encrypted data and violate the security guarantees established by SEV-SNP.
An alarming aspect of the attack is the ease with which it can be carried out. With a simple programmer which costs about 10 dollars, cBuilt with a Raspberry Pi Pico microcontroller, a connector for memory modules and a power supply, an attacker can make the necessary modifications.
Even in systems where the memory chips do not have a write-back lock in SPD, The attack can be executed completely programmatically, without physical access to the hardware. This is possible through malicious BIOS updates or the manipulation of configurable memory modules, such as Corsair's RGB-lit ones. In cloud environments, this vulnerability can also be exploited by rogue administrators.
The effectiveness of the attack has been demonstrated in two ways:
- The possibility of replicating encrypted text stored in memory was verified, allowing encrypted data to be modified without knowing its content.
- The SEV-SNP certification mechanism, used to ensure the integrity of protected virtual machines, was bypassed. The latter allows an attacker to replace a legitimate virtual machine with a compromised one, hiding malicious activities such as the installation of backdoors.
The problem affects AMD 3rd and 4th generation EPYC series processors and about the problem AMD I report that has released an update which aims to prevent this type of manipulation.
On the Intel side, it is worth mentioning that Scalable SGX and TDX technologies are not vulnerable to this attack, as they include necessary controls from their design. On the other hand, the classic Intel SGX technology, which was obsolete in 2021, is partially susceptible, allowing only the reading of encrypted data without rewriting.
finally if you are interested in knowing more about it, you can check the details in the following link