Researchers claim an AMD security flaw could let hackers access encrypted data
Using only a $10 test rig, researchers were able to pull off the badRAM attack


Researchers have exposed an issue with the memory implementation on AMD’s data center chips that could threaten the integrity of data, but the chipmaker has hit back at the claims.
In a paper due to be presented at IEEE in 2025, researchers from the University of Lübeck, KU Leuven, and the University of Birmingham highlighted a potential weakness in AMD’s secure encrypted virtualization (SEV) technology.
The paper outlines how attackers could use the technique, dubbed ‘badRAM’, to manipulate the SEV system and gain unauthorized access to encrypted memory on the processor.
In a post dedicated to the badRAM attack, the researchers explained how the SEV technology was intended to protect processor memory in virtual machine (VM) environments through encryption.
“AMD's Secure Encrypted Virtualization (SEV) is a cutting-edge technology that protects privacy and trust in cloud computing by encrypting a virtual machine's (VM's) memory and isolating it from advanced attackers, even those compromising critical infrastructure like the virtual machine manager or firmware.”
But the paper warned that, if the flaw is correctly exploited, threat actors could access data used by the microprocessor, and potentially read and even overwrite the encrypted content.
The researchers further detailed the underlying premise of the exploit, whereby attackers could use “rogue memory modules” to deliberately provide false information to the processor during startup.
Using a test rig that cost them just $10, kitted out with a Raspberry Pi Pico and a DIMM socket to hold the RAM, the team was able to successfully exploit the flaw by fiddling with the serial presence detect (SPD) metadata to circumvent the SEV encryption.
“We found that tampering with the embedded SPD chip on commercial DRAM modules allows attackers to bypass SEV protections — including AMD’s latest SEV-SNP version,” the badRAM.eu website explains.
“For less than $10 in off-the-shelf equipment, we can trick the processor into allowing access to encrypted memory. We build on this BadRAM attack primitive to completely compromise the AMD SEV ecosystem, faking remote attestation reports and inserting backdoors into any SEV-protected VM.”
BadRAM flaw only medium severity due to high barrier to entry for attackers
In a security bulletin, AMD outlined the issue, tracked as SB-3015, as follows.
“A team of researchers has reported to AMD that it may be possible to modify serial presence detect (SPD) metadata to make an attached memory module appear larger than it is, potentially allowing an attacker to overwrite physical memory.”
The CVE description attributes the issue to improper input validation for DIMM SPD metadata, which would allow an attacker with certain levels of access to potentially overwrite guest memory.
The issue was only classified as a medium severity threat warranting a 5.3 rating on the CVSS owing to the high level of access required by a potential attacker.
AMD said the issue is better described as a memory implementation issue than as an AMD product vulnerability, adding that the barriers to executing the attack are very high, which is why it was given a medium severity rating.
In a statement given to ITPro, AMD outlined the types of access that an attacker would need to exploit the issue, providing some mitigation strategies clients can take.
“AMD believes exploiting the disclosed vulnerability requires an attacker either having physical access to the system, operating system kernel access on a system with unlocked memory modules, or installing a customized, malicious BIOS,” AMD advised.
“AMD recommends utilizing memory modules that lock Serial Presence Detect (SPD), as well as following physical system security best practices. AMD has also released firmware updates to customers to mitigate the vulnerability.”
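AMD's bulletin describes SPD metadata that makes a module "appear larger than it is". As an added example (not code from the article, AMD or the researchers), the check below decodes the capacity a DDR4 SPD image advertises and compares it with the size on record for that DIMM. The byte offsets are the standard DDR4 SPD fields, which the article does not list; the function names, the inventory figure and the sample images are constructed for illustration.

```python
# Added example (not from the article or the researchers).
# Byte offsets follow the DDR4 SPD layout; 3DS and asymmetric modules are out of scope.
DIE_DENSITY_MBIT = {0: 256, 1: 512, 2: 1024, 3: 2048,
                    4: 4096, 5: 8192, 6: 16384, 7: 32768}
DEVICE_WIDTH_BITS = {0: 4, 1: 8, 2: 16, 3: 32}
BUS_WIDTH_BITS = {0: 8, 1: 16, 2: 32, 3: 64}


def spd_capacity_gib(spd: bytes) -> float:
    """Capacity in GiB that a DDR4 SPD image advertises to the platform."""
    if len(spd) < 14:
        raise ValueError("SPD image too short")
    if spd[2] != 0x0C:  # byte 2: DRAM device type, 0x0C = DDR4
        raise ValueError("not a DDR4 SPD image")
    try:
        density = DIE_DENSITY_MBIT[spd[4] & 0x0F]       # byte 4, bits 3-0
        dev_width = DEVICE_WIDTH_BITS[spd[12] & 0x07]   # byte 12, bits 2-0
        bus_width = BUS_WIDTH_BITS[spd[13] & 0x07]      # byte 13, bits 2-0
    except KeyError as exc:
        raise ValueError("reserved or unsupported SPD encoding") from exc
    ranks = ((spd[12] >> 3) & 0x07) + 1                 # byte 12, bits 5-3
    # MiB per device * devices per rank * ranks
    mib = density // 8 * (bus_width // dev_width) * ranks
    return mib / 1024


def check_module(spd: bytes, inventory_gib: float) -> str:
    """Compare the SPD-advertised size with the size on record for the DIMM."""
    advertised = spd_capacity_gib(spd)
    if advertised > inventory_gib:
        return f"ALERT: SPD advertises {advertised:g} GiB, inventory has {inventory_gib:g} GiB"
    if advertised < inventory_gib:
        return f"WARN: SPD advertises {advertised:g} GiB, inventory has {inventory_gib:g} GiB"
    return f"OK: {advertised:g} GiB matches inventory"


def make_spd(density_code: int, width_code: int, ranks: int) -> bytes:
    """Constructed 14-byte SPD prefix for the demo (64-bit primary bus)."""
    spd = bytearray(14)
    spd[2], spd[4], spd[13] = 0x0C, density_code, 0x03
    spd[12] = ((ranks - 1) << 3) | width_code
    return bytes(spd)


if __name__ == "__main__":
    print(check_module(make_spd(5, 1, 2), 16))  # image matching a 16 GiB record
    print(check_module(make_spd(6, 1, 2), 16))  # image claiming twice the record
```

The inventory figure has to come from a source other than the running system, such as procurement records or the module label, because the platform sizes memory from the same SPD data.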

Solomon Klappholz is a former staff writer for ITPro and ChannelPro. He has experience writing about the technologies that facilitate industrial manufacturing, which led to him developing a particular interest in cybersecurity, IT regulation, industrial infrastructure applications, and machine learning.