A group of researchers from the Universities of Leuven, Lübeck, and Birmingham has developed the BadRAM attack (CVE-2024-21944), which bypasses the attestation mechanism and compromises environments protected by the SEV-SNP extension in AMD processors. To carry out the attack, an attacker typically needs physical access to the memory modules and the ability to execute code at ring 0 on the host server that runs the protected guests.
The AMD SEV (Secure Encrypted Virtualization) extension is intended to protect the integrity of virtual machines against interference and inspection by a host administrator who can execute code at the hypervisor level. Initially, SEV only encrypted the contents of guest memory and isolated guest registers; later AMD EPYC processors added the SEV-SNP (Secure Nested Paging) extension, which protects memory page operations, guarantees memory integrity, and prevents the hypervisor from tampering with guest memory.
SEV-SNP was designed to prevent service providers or data center personnel from gaining unauthorized access to protected guest systems. The proposed BadRAM attack bypasses these guarantees by altering the metadata stored in the SPD (Serial Presence Detect) chip of DDR4 or DDR5 memory modules. A successful attack lets the attacker manipulate the (encrypted) contents of guest memory and circumvent the attestation mechanism, potentially injecting a backdoor into a SEV-SNP protected virtual machine.
The attack relies on falsified memory module parameters that cause the processor to address memory that does not physically exist but resolves to existing memory. By modifying the SPD, the attacker makes the module report a larger capacity than it actually has, which creates a mapping from a fictitious memory range onto a real DRAM region used by the encrypted guest systems. As a result, two different physical addresses refer to the same DRAM cell, and this aliasing allows the attacker to bypass the CPU's memory protection mechanisms.
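The aliasing described above can be modelled in a few lines. The following toy model is an added example, not code from the researchers or from AMD: it assumes a module whose address decoder simply ignores address bits above its real (power-of-two) capacity, and it pairs the model with a boot-time style alias self-test that trusts only the SPD-reported size, which is the kind of consistency check a firmware mitigation would perform.

```python
import math
from dataclasses import dataclass, field


@dataclass
class Dimm:
    """Toy DRAM module: 'real_size' bytes are physically present, 'reported_size'
    is what the SPD claims (an inflated value models a tampered SPD). Sizes are
    assumed to be powers of two; this is a simplification, not AMD's real decode."""
    real_size: int
    reported_size: int
    cells: dict = field(default_factory=dict)

    def cell(self, addr: int) -> int:
        # The module only has address lines for real_size bytes; any higher
        # address bit the controller drives is not wired and is ignored.
        return addr & (self.real_size - 1)

    def write(self, addr: int, value: int) -> None:
        self.cells[self.cell(addr)] = value

    def read(self, addr: int) -> int:
        return self.cells.get(self.cell(addr), 0)


def aliases(addr: int, dimm: Dimm) -> list:
    """All addresses the memory controller treats as distinct (within the SPD-reported
    range) but that the module folds onto the same DRAM cell as 'addr'."""
    return list(range(dimm.cell(addr), dimm.reported_size, dimm.real_size))


def alias_self_test(dimm: Dimm) -> list:
    """Defensive check using only the SPD-reported size: for each address bit the SPD
    claims exists, write distinct patterns to a base address and to the address with
    that single bit set, then verify the base survived. Returns the list of aliasing
    address bits; an empty list means the reported size is consistent with the module."""
    bad_bits = []
    base = 0
    for bit in range(math.ceil(math.log2(dimm.reported_size))):
        probe = base | (1 << bit)
        dimm.write(base, 0xA5)
        dimm.write(probe, 0x5A)
        if dimm.read(base) != 0xA5:  # probe landed on the same cell as base
            bad_bits.append(bit)
    return bad_bits
```

With a 4 KiB module whose SPD claims 8 KiB, address 0x123 and 0x1123 share one cell and the self-test reports bit 12 as aliasing; a module whose SPD is honest yields an empty list.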