
Chipmaker AMD has released a fix to address a security flaw called RMPocalypse that can be exploited to undermine the confidential computing guarantees provided by Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP).
According to researchers Benedict Schlüter and Shweta Shinde from ETH Zurich, the attack exploits AMD’s imperfect protections to enable a single memory write to the Reverse Map Paging (RMP) table, a data structure used to store security metadata for all DRAM pages in a system.
According to AMD’s specification document, “The Reverse Map Table (RMP) is a structure that resides in DRAM and maps system physical addresses (sPA) to guest physical addresses (gPA).” It adds, “There is only one RMP for the entire system, and it is configured using x86 model-specific registers (MSRs).”
“RMP also includes various security attributes, each managed by the hypervisor through hardware-mediated and firmware-mediated controls.”
AMD leverages something called the Platform Security Processor (PSP) to initialize the RMP, which is critical to enabling SEV-SNP on the platform. RMPocalypse exploits a memory management flaw in this initialization step to allow an attacker to access sensitive information, violating SEV-SNP’s confidentiality and integrity protections.
The core of the problem is the lack of adequate safeguards within the security mechanisms themselves. This is a catch-22 situation that results from RMP not being fully protected when a virtual machine boots, effectively opening the door to RMP corruption.

“This gap could allow an attacker with remote access to bypass certain protections and manipulate virtual machine environments that are supposed to be securely isolated,” ETH Zurich said. “This vulnerability can be exploited to activate hidden functionality (such as debug mode), simulate security checks (so-called authentication forgery), restore a previous state (replay attacks), and even inject external code.”
Researchers have found that a successful exploit of RMPocalypse could allow a malicious attacker to arbitrarily modify the execution of a Confidential Virtual Machine (CVM) and extract all sensitive information with a 100% success rate.
In response to this finding, AMD assigned the vulnerability the identifier CVE-2025-0033 (CVSS v4 score: 5.9) and described it as a race condition that can occur while the AMD Secure Processor (ASP or PSP) initializes the RMP. This could allow a malicious hypervisor to manipulate the initial RMP content, potentially causing SEV-SNP guest memory to become inconsistent.
“Improper access controls within AMD SEV-SNP could allow an attacker with administrative privileges to write to the RMP during SNP initialization, resulting in a loss of SEV-SNP guest memory integrity,” the chipmaker noted in an advisory released Monday.
AMD has revealed that the following chipsets are affected by this flaw:
- AMD EPYC™ 7003 Series Processors
- AMD EPYC™ 8004 Series Processors
- AMD EPYC™ 9004 Series Processors
- AMD EPYC™ 9005 Series Processors
- AMD EPYC™ Embedded 7003 Series Processors (fixes to be released in November 2025)
- AMD EPYC™ Embedded 8004 Series Processors
- AMD EPYC™ Embedded 9004 Series Processors
- AMD EPYC™ Embedded 9005 Series Processors (fixes to be released in November 2025)
Microsoft and Supermicro have also acknowledged CVE-2025-0033, and the Windows maker says it is working on a fix on Azure Confidential Computing (ACC) AMD-based clusters. Supermicro said affected motherboard SKUs require a BIOS update to address the flaw.

“RMPocalypse shows that AMD’s platform protection mechanisms are not foolproof, leaving a small possibility for an attacker to maliciously overwrite RMP during initialization,” the researchers said. “Due to the design of RMP, a single overwrite of 8 bytes within RMP will subsequently compromise the entire RMP.”
“Compromising the RMP invalidates all SEV-SNP integrity guarantees. The RMPocalypse case study shows that an attacker-controlled RMP not only defeats integrity, but also leads to a complete breach of confidentiality.”
The development comes weeks after a group of academics from the Universities of Leuven and Birmingham demonstrated a new vulnerability called Battering RAM that bypasses modern defenses on Intel and AMD cloud processors.