All news with #sev-snp tag
Tue, October 28, 2025
TEE.Fail: DDR5 physical interposition exposes CPU TEE keys
🔓 Researchers from Georgia Tech, Purdue University and the security firm Synkhronix disclosed TEE.Fail, a physical attack that interposes on the DDR5 memory bus and inspects the encrypted traffic to extract secrets from processor TEEs. With an interposer built from off-the-shelf parts for under $1,000, the technique recovers attestation and signing keys from Intel SGX/TDX and from AMD SEV-SNP even with Ciphertext Hiding enabled, and the stolen keys can in turn be used to undermine GPU confidential computing. The affected vendors maintain that physical attacks on the memory bus are outside the TEEs' threat model.
Tue, October 14, 2025
AMD issues patches for RMPocalypse flaw in SEV-SNP
⚠️ AMD released mitigations and firmware/BIOS updates for a vulnerability dubbed RMPocalypse, which ETH Zürich researchers Benedict Schlüter and Shweta Shinde show can be triggered by a single 8-byte write to the Reverse Map Table (RMP) during SEV-SNP initialization. The flaw, tracked as CVE-2025-0033, stems from a race condition in the AMD Secure Processor (ASP, also known as the Platform Security Processor, PSP) that lets a malicious or compromised hypervisor, i.e. an attacker with host administrator privileges, alter the RMP's initial contents and void the memory-integrity guarantees SEV-SNP is meant to give guests. AMD listed the affected EPYC families and issued guidance for its OEM partners; Microsoft and Supermicro have acknowledged the issue and are working on remediations.
Mon, September 22, 2025
VMScape: Practical Spectre v2 Sandbox Escape in VMs
⚠️ Researchers at ETH Zurich published a paper demonstrating VMScape, a practical Spectre v2 (branch target injection) attack in which a guest VM poisons branch predictions for host-side code and reads host memory through speculation. The team showed that on AMD Zen 1 through Zen 5 CPUs and on older Intel Coffee Lake servers, a guest with a default configuration can exfiltrate secrets from the hypervisor process on the host. The issue was assigned CVE-2025-40300; a Linux kernel patch is available, and hardware confidential-computing protections such as AMD SEV/SEV-SNP and Intel TDX are also recommended as mitigations.
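A quick check a host operator will want after the VMScape item above: the Linux mitigation reports its state through the kernel's standard per-vulnerability sysfs entry, so a script can classify hosts by whether the fix is present. This is an added example, not code from the page or from the researchers; it assumes the entry is `/sys/devices/system/cpu/vulnerabilities/vmscape` and relies only on the kernel's convention that the line begins with `Not affected`, `Mitigation:` or `Vulnerable` (the full wording of each line is the kernel's and should be read from the running system). The sample status lines used in the comments are constructed.

```sh
#!/bin/sh
# Added example (not from the page): report the kernel's VMScape (CVE-2025-40300)
# mitigation status from sysfs and reduce it to a fleet-friendly label.
# Assumed sysfs entry name: vmscape. Only the line prefix is interpreted.

# classify_vuln_status STATUS_LINE
#   Maps a kernel vulnerability line to: not_affected | mitigated | vulnerable | unknown
#   Constructed sample inputs: "Not affected", "Mitigation: ...", "Vulnerable: ...".
classify_vuln_status() {
    case "$1" in
        "Not affected"*) echo not_affected ;;
        "Mitigation:"*)  echo mitigated ;;
        "Vulnerable"*)   echo vulnerable ;;
        *)               echo unknown ;;
    esac
}

# vmscape_status [SYSFS_DIR]
#   Reads the vmscape entry (default directory is the kernel's vulnerabilities dir).
#   A missing file means the running kernel predates the mitigation and cannot
#   report it at all; that is returned as "unknown" and must be triaged as unfixed,
#   not silently counted as safe.
vmscape_status() {
    dir="${1:-/sys/devices/system/cpu/vulnerabilities}"
    f="$dir/vmscape"
    if [ -r "$f" ]; then
        classify_vuln_status "$(cat "$f")"
    else
        echo unknown
    fi
}

# Usage: print this host's label (an optional argument overrides the sysfs directory).
vmscape_status "$@"
```

Run it on each hypervisor host and alert on anything other than `not_affected` or `mitigated`; `unknown` deserves the same priority as `vulnerable`, because a kernel too old to know about the CVE carries no mitigation for it.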