“Battering RAM” Attack Bypasses Security Features on Intel and AMD CPUs
Security researchers have unveiled a hardware attack, dubbed “Battering RAM,” that bypasses advanced memory protections on the latest Intel and AMD processors widely used in cloud infrastructure. While the findings are significant, both manufacturers note that the exploit requires physical access to the target system, limiting its practical threat.
From BadRAM to Battering RAM
The attack was developed by researchers at KU Leuven and the University of Birmingham, the same team that last year demonstrated BadRAM—an attack using about $10 worth of equipment to compromise AMD SEV-SNP (Secure Encrypted Virtualization–Secure Nested Paging).
With Battering RAM, the team has expanded its focus, showing that the technique undermines both Intel SGX (Software Guard Extensions) and AMD SEV-SNP, mechanisms widely relied upon by cloud providers to protect virtual machine memory even from privileged insiders.
How the Attack Works
The proof-of-concept involves a stealthy $50 interposer device inserted between the CPU and DRAM. The interposer connects to the DIMM module and can covertly reroute protected memory addresses to attacker-controlled areas without triggering alarms.
“Our stealthy interposer bypasses memory encryption and modern boot-time protections, remaining invisible to the OS,” the researchers explained. “It provides arbitrary access to unencrypted data in SGX-protected memory and breaks the SEV attestation function on fully patched systems. Ultimately, Battering RAM demonstrates the limitations of modern scalable memory encryption.”
The researchers warn that such an attack could be carried out quickly in real-world conditions by malicious insiders, data center technicians, law enforcement agents, or even actors within the hardware supply chain during production or delivery.
Scope and Limitations
- The prototype currently works only with DDR4 memory, but the researchers note that future designs could target DDR5.
- All technical details needed to reproduce the interposer were published alongside the research paper.
- Unlike software vulnerabilities, this flaw cannot be patched with updates.
Industry Response
Intel and AMD were notified in February 2025. Both companies published security bulletins in tandem with the research release, emphasizing that attacks requiring physical access lie outside the standard threat model for their products.
Intel highlighted that some Xeon processors support Total Memory Encryption – Multi-Key (TME-MK), which may offer additional protection. Both vendors reiterated that physical security remains critical for protecting hardware against such tampering.
