A group of academics from KU Leuven and the University of Birmingham has demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors.
“We built a simple, $50 interposer that sits quietly in the memory path, behaving transparently during startup and passing all trust checks,” researchers Jesse De Meulemeester, David Oswald, Ingrid Verbauwhede, and Jo Van Bulck said on a website publicizing the findings. “Later, with just a flip of a switch, our interposer turns malicious and silently redirects protected addresses to attacker-controlled locations, allowing corruption or replay of encrypted memory.”
Battering RAM compromises Intel’s Software Guard Extensions (SGX) and AMD’s Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) hardware security features, which ensure that customer data remains encrypted in memory and protected during use.
It affects all systems using DDR4 memory, specifically those relying on confidential computing workloads running in public cloud environments to secure data from the cloud service provider using hardware-level access control and memory encryption.
The attack, in a nutshell, involves leveraging a custom-built, low-cost DDR4 interposer hardware hack to stealthily redirect physical addresses and gain unauthorized access to protected memory regions. The interposer makes use of simple analog switches to actively manipulate signals between the processor and memory, and can be built for less than $50.
On Intel platforms, Battering RAM achieves arbitrary read access to victim plaintext or write plaintext into victim enclaves, whereas on AMD systems, the attack can be used to sidestep recent firmware mitigations against BadRAM, which was documented by the researchers back in December 2024, and introduce arbitrary backdoors into the virtual machine without raising any suspicion.
Successful exploitation of the vulnerability can allow a rogue cloud infrastructure provider or insider with limited physical access to compromise remote attestation and enable the insertion of arbitrary backdoors into protected workloads.
The vulnerability was reported to the vendors earlier this year, following which Intel, AMD, and Arm responded that physical attacks are currently considered out of scope. However, defending against Battering RAM would require a fundamental redesign of memory encryption itself, the researchers noted.
“Battering RAM exposes the fundamental limits of the scalable memory encryption designs currently used by Intel and AMD, which omit cryptographic freshness checks in favor of larger protected memory sizes,” they added. “Battering RAM […] is capable of introducing memory aliases dynamically at runtime. As a result, Battering RAM can circumvent Intel’s and AMD’s boot-time alias checks.”
The disclosure comes as AMD released mitigations for attacks dubbed Heracles and Relocate-Vote disclosed by the University of Toronto and ETH Zürich, respectively, that can leak sensitive data from cloud environments and confidential virtual machines that rely on AMD’s SEV-SNP technology by means of a malicious hypervisor.
“The system lets the hypervisor move data around to manage memory efficiently,” David Lie, director of the Schwartz Reisman Institute (SRI) at the University of Toronto, said. “So when data is relocated, AMD’s hardware decrypts it from the old location and re-encrypts it for the new location. But, what we found was that by doing this over and over again, a malicious hypervisor can learn recurring patterns from within the data, which could lead to privacy breaches.”
Last month, ETH Zürich researchers also demonstrated that a CPU optimization known as the stack engine can be abused as a side channel for attacks that lead to information leakage. A proof-of-concept (PoC) has been developed for AMD Zen 5 machines, although it’s believed that all models have this “abusable hardware feature.”
The discovery of Battering RAM also follows a report from Vrije Universiteit Amsterdam researchers about a new, realistic attack technique referred to as L1TF Reloaded that combines L1 Terminal Fault (aka Foreshadow) and Half-Spectre gadgets (aka incomplete Spectre-like code patterns) to leak memory from virtual machines running on public cloud services.
“L1TF is a CPU vulnerability that allows an (attacker) VM to speculatively read any data residing in the (core-local) L1 data cache – including data the VM shouldn’t have access to,” VUSec researchers said. “At a high level, L1TF Reloaded abuses this to obtain an arbitrary RAM read primitive.”
Google, which provided the researchers with a sole-tenant node in order to conduct the research safely without potentially affecting any other customers, awarded a $151,515 bug bounty and “applied fixes to the affected assets.” Amazon said the L1TF Reloaded vulnerability does not impact the guest data of AWS customers running on the AWS Nitro System or Nitro Hypervisor.
Spectre, which first came to light in early 2018, continues to haunt modern CPUs, albeit in the form of different variants. As recently as two weeks ago, academics from ETH Zürich devised a new attack known as VMScape (CVE-2025-40300, CVSS score: 6.5) that breaks virtualization boundaries in AMD Zen CPUs and Intel Coffee Lake processors.
Described as a Spectre branch target injection (Spectre-BTI) attack targeting the cloud, it exploits isolation gaps across host and guest in user and supervisor modes to leak arbitrary memory from an unmodified QEMU process. A software fix has been introduced in the Linux kernel to counter the cross-virtualization BTI (vBTI) attack primitive.
“VMScape can leak the memory of the QEMU process at the rate of 32 B/s on AMD Zen 4,” the authors said in a study. “We use VMScape to find the location of secret data and leak the secret data, all within 772 s, extracting the cryptographic key used for disk encryption/decryption as an example.”
