A serious security flaw in computer memory has been discovered, prompting worldwide fixes to AMD processors.
The issue, caused by a vulnerability nicknamed “BadRAM,” involves rogue memory modules that can trick the computer’s processor into exposing sensitive data or disrupting operations.
Researchers from KU Leuven (Belgium), the University of Luebeck (Germany), and the University of Birmingham (UK) found that attackers can tamper with the computer’s memory to bypass AMD’s security protections, specifically a technology called Secure Encrypted Virtualization (SEV).
SEV is used to safeguard sensitive information in shared cloud environments by encrypting a virtual machine’s memory and isolating it from advanced threats.
The problem lies in the computer’s memory modules, known as DRAM, which communicate important information—like size, speed, and configuration—to the processor during startup.
This information is stored on a small chip called SPD.
By altering the SPD chip, attackers can make the memory module “lie” about its configuration, tricking the processor into accessing fake or “ghost” memory regions.
Professor Oswald, one of the researchers, explained how this exploit works: “Using cheap, off-the-shelf equipment, we were able to trick the processor into accessing protected memory.
This creates aliases—two CPU addresses that map to the same DRAM location—allowing attackers to bypass security measures.”
The discovery showed that the vulnerability could expose sensitive data in cloud environments or disrupt systems entirely. Cloud computing providers, in particular, were at risk because they handle massive amounts of data from various users on shared servers, making them an attractive target for attackers.
In response, AMD has released firmware updates to fix the issue. These updates ensure that the memory configuration is securely validated when the processor boots up, preventing attackers from exploiting the BadRAM flaw.
The researchers have also published a website explaining the vulnerability and its potential risks. Despite the seriousness of the flaw, Professor Oswald reassured users: “We worked closely with AMD to implement countermeasures, so there’s no need to worry if your system is up-to-date. Most cloud providers have already applied the updates.”
This discovery highlights the importance of keeping devices secure by installing updates regularly. While the BadRAM flaw has been addressed, it underscores the need for continued vigilance in securing modern computing systems, especially in shared environments like the cloud.
The research not only resolved a critical vulnerability but also improved AMD’s ability to safeguard data against future threats, ensuring stronger protection for users worldwide.
