{“lastseen”:”2025-10-14T12:03:34″,”description”:”\\n\\nChipmaker AMD has released fixes to address a security flaw dubbed **RMPocalypse** that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP).\\n\\nThe attack, per ETH Z\u00fcrich researchers Benedict Schl\u00fcter and Shweta Shinde, exploits AMD’s incomplete protections that make it possible to perform a single memory write to the Reverse Map Paging (RMP) table, a data structure that’s used to store security metadata for all DRAM pages in the system.\\n\\n\\”The Reverse Map Table (RMP) is a structure that resides in DRAM and maps system physical addresses (sPAs) to guest physical addresses (gPAs),\\” according to AMD’s specification documentation. \\”There is only one RMP for the entire system, which is configured using x86 model-specific registers (MSRs).\\”\\n\\n\\”The RMP also contains various security attributes of each that are managed by the hypervisor through hardware-mediated and firmware-mediated controls.\\”\\n\\nAMD makes use of what’s called a Platform Security Processor (PSP) to initialize the RMP, which is crucial to enabling SEV-SNP on the platform. RMPocalypse exploits a memory management flaw in this initialization step, allowing attackers to access sensitive information in contravention of SEV-SNP’s confidentiality and integrity protections.\\n\\nAt the heart of the problem is a lack of adequate safeguards for the security mechanism itself — something of a catch-22 situation that arises as a result of RMP not being fully protected when a virtual machine is started, effectively opening the door to RMP corruption.\\n\\n\\n\\n\\”This gap could allow attackers with remote access to bypass certain protective functions and manipulate the virtual machine environment, which is intended to be securely isolated,\\” ETH Z\u00fcrich said. \\”This vulnerability can be exploited to activate hidden functions (such as a debug mode), simulate security checks (so-called attestation forgeries) and restore previous states (replay attacks) \u2013 and even to inject foreign code.\\”\\n\\nSuccessful exploitation of RMPocalypse can allow a bad actor to arbitrarily tamper with the execution of the confidential virtual machines (CVMs) and exfiltrate all secrets with 100% success rate, the researchers found. \\n\\nIn response to the findings, AMD has assigned the CVE identifier CVE-2025-0033 (CVSS v4 score: 5.9) to the vulnerability, describing it as a race condition that can occur while the AMD Secure Processor (ASP or PSP) is initializing the RMP. As a result, it could allow a malicious hypervisor to manipulate the initial RMP content, potentially resulting in loss of SEV-SNP guest memory integrity.\\n\\n\\”Improper access control within AMD SEV-SNP could allow an admin-privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity,\\” the chipmaker noted in its advisory released Monday.\\n\\nAMD has revealed that the following chipsets are impacted by the flaw -\\n\\n * AMD EPYC\u2122 7003 Series Processors\\n * AMD EPYC\u2122 8004 Series Processors\\n * AMD EPYC\u2122 9004 Series Processors\\n * AMD EPYC\u2122 9005 Series Processors\\n * AMD EPYC\u2122 Embedded 7003 Series Processors (Fix planned for release in November 2025)\\n * AMD EPYC\u2122 Embedded 8004 Series Processors\\n * AMD EPYC\u2122 Embedded 9004 Series Processors\\n * AMD EPYC\u2122 Embedded 9004 Series Processors\\n * AMD EPYC\u2122 Embedded 9005 Series Processors (Fix planned for release in November 2025)\\n\\n\\n\\nMicrosoft and Supermicro have also acknowledged CVE-2025-0033, with the Windows maker stating that it’s working to remediate it in Azure Confidential Computing’s (ACC) AMD-based clusters. Supermicro said impacted motherboard SKUs require a BIOS update to address the flaw.\\n\\n\\n\\n\\”RMPocalypse shows that AMD’s platform protection mechanisms are not complete, thus leaving a small window of opportunity for the attacker to maliciously overwrite the RMP on initialization,\\” the researchers said. \\”Due to the design of the RMP, a single overwrite of 8 bytes within the RMP causes the entire RMP to become subsequently compromised.\\”\\n\\n\\”With a compromised RMP, all integrity guarantees of SEV-SNP become void. RMPocalypse case studies show that an attacker-controlled RMP not only voids the integrity but also results in a full breach of confidentiality.\\”\\n\\nThe development comes weeks after a group of academics from KU Leuven and the University of Birmingham demonstrated a new vulnerability called Battering RAM to bypass the latest defenses on Intel and AMD cloud processors.\\n\\nFound this article interesting? Follow us on Google News, Twitter and LinkedIn to read more exclusive content we post.\\n”,”published”:”2025-10-14T11:45:00″,”modified”:”2025-10-14T11:49:44″,”type”:”thn”,”title”:”RMPocalypse: Single 8-Byte Write Shatters AMD’s SEV-SNP Confidential Computing”,”source”:””,”references”:””,”id”:”THN:846687AF96EC2847748C04456B44ABBE”,”bulletinFamily”:”info”,”cwe”:null,”cvelist”:[“CVE-2025-0033″],”sourceData”:””,”sourceHref”:””,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/thehackernews.com\/2025\/10\/rmpocalypse-single-8-byte-write.html”,”category_name”:”News”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:”AI processing failed – returned non-JSON response”,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2025-10-14T12:03:34″,”description”:”\\n\\nChipmaker AMD has released fixes to address a security flaw dubbed **RMPocalypse** that could be exploited to undermine confidential computing guarantees provided by Secure Encrypted…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[6,8,12,13,33,7,11,43,5],"class_list":["post-21408","post","type-post","status-publish","format-standard","hentry","category-category_news","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-security","tag-tapic","tag-thn","tag-vulnerability"],"yoast_head":"\n