ETH Zürich researchers have uncovered an important new vulnerability in confidential cloud environments, called RMPocalypse. This weakness allows malware to control the execution flow of confidential virtual machines (CVMs). It poses a major risk to cloud security, particularly for workloads leveraging AMD’s Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) technology. The find came to light only a few weeks after the disclosure of another vulnerability named Battering RAM, and it emphasizes the persistent security problems that cloud computing grapples with.
With RMPocalypse, attackers can exfiltrate sensitive data from CVMs with astonishing ease and a guaranteed success rate of 100%. The vulnerability takes advantage of the Reverse Map Table (RMP), a critical structure stored in dynamic random-access memory (DRAM) that maps system physical addresses to guest physical addresses. AMD’s publicly available specification documentation plainly states that the system has one RMP, singular, and that this RMP is set up through x86 model-specific registers (MSRs).
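Because the RMP lives in ordinary DRAM and is located through MSRs, a defender's first sanity check on an SEV-SNP host is whether the firmware carved the RMP out of memory it marked reserved, so that no kernel or device allocation can ever be handed those pages. The following script is an added example and is not code from the article or from the ETH Zürich researchers; it parses constructed sample input rather than a live host. It assumes the kernel reports the RMP range with the "SEV-SNP: RMP table physical range [...]" log line (the format used by Linux's arch/x86/virt/svm/sev.c, which you should confirm against your own kernel), a /proc/iomem-style listing, and 16-byte RMP entries as described in AMD's architecture manual.

```python
import re

# Constructed sample kernel log (not captured from a real host). The line
# format is assumed to match Linux's SEV-SNP initialisation messages.
SAMPLE_DMESG = (
    "[    1.234567] SEV-SNP: RMP table physical range "
    "[0x0000000045000000 - 0x00000000a8ffffff]\n"
    "[    1.234890] SEV-SNP: Enabled\n"
)

# Constructed /proc/iomem excerpts: one where the RMP sits entirely inside a
# firmware-reserved region, one where it straddles ordinary System RAM.
SAMPLE_IOMEM_GOOD = (
    "00001000-0009ffff : System RAM\n"
    "00100000-44ffffff : System RAM\n"
    "45000000-a8ffffff : Reserved\n"
    "a9000000-bfffffff : System RAM\n"
)
SAMPLE_IOMEM_BAD = (
    "00001000-0009ffff : System RAM\n"
    "00100000-7fffffff : System RAM\n"
    "80000000-a8ffffff : Reserved\n"
    "a9000000-bfffffff : System RAM\n"
)

RMP_RE = re.compile(
    r"SEV-SNP: RMP table physical range \[0x([0-9a-fA-F]+) - 0x([0-9a-fA-F]+)\]"
)
IOMEM_RE = re.compile(r"^\s*([0-9a-fA-F]+)-([0-9a-fA-F]+) : (.+?)\s*$", re.M)
RMP_ENTRY_BYTES = 16  # one RMP entry per 4 KiB page (AMD APM; assumed here)


def parse_rmp_range(dmesg: str):
    """Return (base, end) of the RMP as integers, or None if it was not logged."""
    m = RMP_RE.search(dmesg)
    return (int(m.group(1), 16), int(m.group(2), 16)) if m else None


def parse_iomem(text: str):
    """Return [(start, end, name), ...] from a /proc/iomem-style listing."""
    return [(int(a, 16), int(b, 16), n) for a, b, n in IOMEM_RE.findall(text)]


def check_rmp(dmesg: str, iomem: str) -> dict:
    """Locate the RMP and report whether it lies wholly in reserved memory."""
    rng = parse_rmp_range(dmesg)
    if rng is None:
        return {"present": False}
    base, end = rng
    size = end - base + 1
    regions = parse_iomem(iomem)
    # Expected state: a single Reserved region fully contains the RMP.
    covered = any(n == "Reserved" and a <= base and end <= b for a, b, n in regions)
    # Finding: any byte of the RMP that the OS also sees as System RAM.
    ram_overlap = []
    for a, b, n in regions:
        if n != "System RAM":
            continue
        lo, hi = max(base, a), min(end, b)
        if lo <= hi:
            ram_overlap.append((lo, hi))
    return {
        "present": True,
        "base": base,
        "end": end,
        "size_bytes": size,
        "page_aligned": base % 4096 == 0 and size % 4096 == 0,
        "max_entries": size // RMP_ENTRY_BYTES,
        "covered_by_reserved": covered,
        "ram_overlap": ram_overlap,
    }


if __name__ == "__main__":
    for label, iomem in (("good", SAMPLE_IOMEM_GOOD), ("bad", SAMPLE_IOMEM_BAD)):
        print(label, check_rmp(SAMPLE_DMESG, iomem))
```

On a real host, replace the constructed strings with the output of `dmesg` and the contents of `/proc/iomem`; a non-empty `ram_overlap` or a false `covered_by_reserved` means the RMP is not isolated the way the platform expects and warrants a look at firmware settings before trusting the host with confidential workloads.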
Implications of RMPocalypse
The implications of RMPocalypse are severe. In particular, an attacker can effectively take control of the RMP. This breach severely undermines the integrity guarantees of SEV-SNP and violates confidentiality in its entirety. The ETH Zürich researchers illustrated how overwriting only eight bytes in the RMP table can compromise the entire RMP structure; this seemingly minor change creates a major security hole.
“Due to the design of the RMP, a single overwrite of 8 bytes within the RMP causes the entire RMP to become subsequently compromised.” – Researchers
They went on to describe how an attacker could take control of the RMP. Once this occurs, all protective measures provided by SEV-SNP are rendered ineffective.
“With a compromised RMP, all integrity guarantees of SEV-SNP become void. RMPocalypse case studies show that an attacker-controlled RMP not only voids the integrity but also results in a full breach of confidentiality.” – Researchers
This vulnerability should be alarming to all organizations that trust cloud service providers with processing and storing highly sensitive data.
Connection to Battering RAM
This finding is timely: it comes hot on the heels of the Battering RAM attack announcement, which exposed major flaws in cloud processor security. Researchers from KU Leuven and the University of Birmingham demonstrated an alternative approach, Battering RAM, which successfully bypasses these same defenses on the latest Intel and AMD cloud processors.
RMPocalypse and Battering RAM are two separate vulnerabilities, but together they underscore the critical importance of strengthening security protections in cloud computing environments. The growing number of such vulnerabilities points to an alarming issue with the current architectural designs of cloud processors: these designs fail to protect sensitive information effectively by design.
AMD’s Response and Future Considerations
In recognition of these discoveries, AMD has conceded the perilous nature of the RMP in its SEV-SNP technology. The company downplayed the dangers of inadequate access control. A malicious attacker with administrator privileges might be able to exploit this weakness to write to the RMP during SNP initialization and compromise the memory integrity of SEV-SNP guests.
“Improper access control within AMD SEV-SNP could allow an admin-privileged attacker to write to the RMP during SNP initialization, potentially resulting in a loss of SEV-SNP guest memory integrity.” – AMD
The ETH Zürich researchers have disclosed the RMPocalypse vulnerability to the parties involved. This disclosure has raised awareness and provided opportunities to reinforce security best practices within confidential computing environments. AMD’s current public documentation, such as document 56860.pdf, provides extensive information about the RMP and its settings.