Ku Leuven and a group of academics at the University of Birmingham demonstrated a new vulnerability Abusive Rum Bypass the latest defenses of Intel and AMD cloud processors.
“We quietly sat in the memory path and built a simple $50 interposer that behaves transparently during startups and passes all trust checks,” researchers Jesse de Muhlemes, David Oswald, Ingrid Barbauede and Joe Van Brook said on the website publishing their findings. “Later, simply flip the switch over and the interposer will spin maliciously, silently redirecting the protected address to an attacker-controlled location, allowing for corruption and replay of encrypted memory.”
Butterram features Intel’s Software Guard Extension (SGX) and AMD’s Secure-Nested Paging (SEV-SNP) hardware security features.
It uses DDR4 memory to impact all systems, especially those relying on sensitive computing workloads running in public cloud environments, and protect data from cloud service providers using hardware-level access control and memory encryption.
In a nutshell, this attack leverages custom built, low-cost DDR4 interposer hardware hacking to secretly redirect physical addresses and gain unauthorized access to protected memory areas. Interposers can be built for less than $50 using simple analog switches, actively manipulating signals between the processor and memory.
On the Intel platform, RAM fires up to provide arbitrary read access to the victim’s plain text, or use attacks on AMD systems to avoid recent firmware mitigation to Budrum, documented by researchers in December 2024, or introduce any reverse machine into any reflux without rising.
The successful exploitation of vulnerabilities limits physical access to enable fraudulent cloud infrastructure providers or insiders to compromise remote proofs and insert any backdoor into protected workloads.
The vulnerability was reported to vendors earlier this year, and then Intel, AMD and ARM responded that physical attacks are currently considered out of range. However, researchers pointed out that protecting against abuse RAM requires a basic redesign of memory encryption itself.
“Batting RAM exposes the basic limitations of the scalable memory encryption design that Intel and AMD currently use. “Batting RAM (…) can dynamically introduce memory aliases at runtime. As a result, bombarding RAM will avoid Boot-Time Alias Checks from Intel and AMD.”
This disclosure comes when AMD released an attack called Hercules and a relaxation for a repositioning voice disclosed by the University of Toronto and EthZürich, respectively.
“We are a great source of energy,” said David Lee, director of the Schwarz-Risman Institute (SRI) at the University of Toronto. “So when data is relocated, AMD hardware decrypts it from its old location and re-encrypts it to its new location. But what we found is that doing this over and over again allows malicious hypervisors to learn patterns repeatedly from within the data, which could lead to privacy violations.”
Last month, researchers at EthZürich also demonstrated that CPU optimization, known as stack engines, can be abused as a side channel for attacks that lead to information leakage. A proof of concept (POC) has been developed for AMD Zen 5 machines, and all models are believed to have this “abusable hardware feature.”
The discovery of Batting RAM follows a report from researchers at Vrije Universiteit Amsterdam about a new realistic attack technique called L1TF reload, which combines an L1-terminal fault (also known as Foreshadow) with a half-spectral gadget, and a new realistic attack technique that combines leaked memory from Memichines, which runs a public cloud service.
“L1TF is a CPU vulnerability that allows (attacker) VMs to speculatively read data residing in the (Core-Local) L1 data cache, including data that the VM cannot access,” said a VUSEC researcher. “At a high level, L1TF abuses this and gets primitive to get any RAM.”
Google provided researchers with only tenant nodes to conduct research safely without affecting other customers, and awarded a $151,515 bug award and “fixes applied to affected assets.” Amazon said that the L1TF reloaded vulnerability does not affect guest data for AWS customers running on AWS Nitro System or Nitro Hypervisor.
The Spector, first revealed in early 2018, continues to plague modern CPUs, albeit in a variety of forms. Two weeks ago, scholars at EthZürich devised a new attack known as VMScape (CVE-2025-40300, CVSS score: 6.5) that breaks the virtualization boundary of AMD Zen CPUs and Intel Coffee Lake processors.
It is described as a cloud-targeted Spector Branch Target Injection (SPectre-BTI) attack, which leverages the separation gap between user and supervisor mode hosts and guests to leak arbitrary memory from unfixed QEMU processes. Software fixes have been introduced in the Linux kernel to counter the primitive cross-virtualized BTI (VBTI) attacks.
“VMScape can leak memory of the Qemu process at a rate of 32 b/s on an AMD Zen 4,” the authors said in their study. “Use VMScape to find the location of the secret data, leak the secret data all within 772 seconds, and extract the encryption key used for disk encryption as an example.”
