BadRAM Vulnerability (CVE-2024-21944): Researchers Uncover Security Flaw in AMD SEV

A collaborative research effort has exposed a significant vulnerability, designated CVE-2024-21944 and named “BadRAM,” that undermines the integrity of AMD’s Secure Encrypted Virtualization (SEV) technology. This security flaw permits malicious actors to bypass SEV protections and access encrypted memory regions, potentially jeopardizing sensitive data in cloud environments.

The vulnerability, detailed in a report by researchers from KU Leuven, the University of Lübeck, and the University of Birmingham, stems from the ability to manipulate the Serial Presence Detect (SPD) chip embedded in DRAM modules. By providing false information to the processor during system startup, attackers can create “ghost” addresses that alias existing memory locations, effectively circumventing memory access controls.

This communication happens via a specialized chip known as SPD. During startup, this chip informs the processor about the available memory.

The researchers demonstrated that with readily available equipment costing under $10, they could successfully exploit this vulnerability to compromise SEV-protected virtual machines (VMs), even those utilizing the latest SEV-SNP security enhancements. This attack vector enables adversaries to forge remote attestation reports and inject undetectable backdoors, eroding trust in the SEV ecosystem.

“BadRAM for the first time studies the security risks of bad RAM — rogue memory modules that deliberately provide false information to the processor during startup,” the researchers state.

While the attack necessitates physical access to the DRAM modules to modify the SPD chip, the researchers emphasize the potential risk in cloud environments where malicious insiders or unauthorized personnel could tamper with hardware. Additionally, the report highlights the possibility of software-based attacks if DRAM manufacturers fail to adequately secure the SPD chip, leaving it susceptible to modification by privileged software or a compromised BIOS.

AMD has addressed this vulnerability by releasing firmware updates that implement secure validation of memory configurations during the processor boot sequence. System administrators and cloud providers are strongly advised to deploy these updates to mitigate the risk posed by BadRAM.

Related Posts:

• Apple Confirmed that All Mac and iOS Devices Are Affected by Chip Vulnerability
• AMD push security update to patch 13 security vulnerabilities
• AMD responds to security vulnerabilities: It will be completely repaired in the coming weeks
• AMD suffers multiple class actions due to Specter vulnerabilities