Skip to main content
Notaspampeanas
  1. Posts/

The Eidgenössische Technische Hochschule Zürich researchers uncover vulnerability in confidential cloud environments

·6 mins·
Notaspampeanas
Computing Confidential Computing AMD Breach Cloud Services Confidential Cloud Environments RMPocalypse ETH Zurich
Notaspampeanas
Author
Notaspampeanas
Digging on curiosity and science.
Table of Contents

Some data is so sensitive that it is processed only in specially protected cloud areas. These are designed to ensure that not even a cloud provider can access the data. ETH Zurich researchers have now found a vulnerability that could allow hackers to breach these confidential environments, stated an article signed by Florian Meyer.

Clouds provide specially protected environments for confidential data. However, even these can be vulnerable to security breaches. ETH Zurich researchers are helping to identify and close these vulnerabilities. (Image generated with AI: Florian Meyer / ETH Zurich)
Clouds provide specially protected environments for confidential data. However, even these can be vulnerable to security breaches. ETH Zurich researchers are helping to identify and close these vulnerabilities. (Image generated with AI: Florian Meyer / ETH Zurich)

As we know, if you are an usual user, cloud services are in high demand today, offering the ability to store data on remote servers and access it from anywhere. They are used in a wide range of contexts: individuals store personal files such as holiday photos, while businesses rely on the cloud for sensitive data and operations.

For highly confidential data – such as that from the healthcare or financial sectors – cloud providers offer specially secured environments. These computing environments are designed so that neither the cloud provider nor the host operating system can access the data. As a result, sensitive information remains protected from unauthorised access, even while it is being processed.

These environments are therefore suitable both for storing sensitive data and for processing it securely. They play an important role, for example, in artificial intelligence (AI) applications that analyse personal content – such as messenger services that automatically generate summaries of messages by processing them in a cloud.

Experts refer to these specially secured cloud areas as confidential computing environments. These environments use technology to ensure that sensitive data remains encrypted and protected from access not only during storage or transmission, but also during processing in the cloud.

This protection is crucial: if hackers were able to exploit a vulnerability to access messages sent to a cloud-based messaging service for AI-powered summarisation, they would also be able to read all the private information contained in those messages as if it were an open book.

Hardware problem with far-reaching consequences
#

However, researchers from the Secure & Trustworthy Systems Group at ETH Zurich, led by Professor of Computer Science Shweta Shinde, have recently uncovered a vulnerability that could allow attackers to bypass the protection mechanisms of confidential computing environments. This would enable them to access secure data areas and potentially read or steal confidential information.

This vulnerability is named RMPocalypse. “RMPocalypse is a clearly identifiable hardware issue that can be exploited using straightforward attack methods and can have a serious impact,” explained Shweta Shinde. On the Common Vulnerability Scoring System (CVSS) – a scale from 1 to 10 used to assess the severity of IT security vulnerabilitiesRMPocalypse scores 6.0.

AMD security technology is affected
#

The vulnerability is therefore relevant -Florian Meyer wrote- but does not affect all cloud services. Office applications such as Word or Excel for example remain unaffected. The vulnerability is critical because it affects those areas of the cloud that are specifically secured for handling confidential data – and where an attack can cause far-reaching damage.

The discovered security vulnerability does not affect all cloud applications, but specifically those areas and workloads that are protected by specialised security technology from AMD. The US company Advanced Micro Devices (AMD) develops processors, graphics chips and security solutions for data centres, among other things.

Its technology is frequently used in the confidential computing environments of major cloud providers such as Microsoft Azure, Google Cloud and Amazon Web Services. Its widespread use increases the significance of RMPocalypse because the vulnerability could undermine trust in the security of cloud services.

Beware: every attack is a hit
#

In a publication, the ETH researchers show that they were able to regularly bypass the protective mechanisms of confidential computing environments via the vulnerability. They succeeded in gaining access to all tested workloads with a success rate of 100 per cent. This means that in every case, they were able to penetrate the data areas secured by AMD technology.

RMPocalypse exploits a vulnerability in the memory management of modern processors – specifically, in Reverse Map Table (RMP). This mechanism is intended to ensure that only authorised programmes can use confidential data. However, if it is flawed, the protection becomes incomplete – potentially allowing attackers to access sensitive information.

The technology used by AMD to protect highly confidential data in the cloud is called SEV-SNP – short for Secure Encrypted Virtualisation with Secure Nested Paging. It forms the technical foundation of confidential computing environments, ensuring that sensitive information remains protected even while it is being processed.

SEV-SNP automatically protects data – during storage, transmission and processing – and ensures that even cloud providers cannot access it. The technology provides robust protection for virtual machines (VM), which serve as digital workspaces in the cloud, shielding them from unauthorised access.

Vulnerability arises at start-up
#

The ETH Zurich researchers discovered that part of the security mechanism – the so-called Reverse Map Table (RMP) – is not fully protected when a virtual machine is started. This gap could allow attackers with remote access to bypass certain protective functions and manipulate the virtual machine environment, which is intended to be securely isolated.

In their publication, the researchers show that this vulnerability can be exploited to activate hidden functions (such as a debug mode), simulate security checks (so-called attestation forgeries) and restore previous states (replay attacks) – and even to inject foreign code.

Ultimately, the ETH researchers were able to show that AMD’s security mechanisms can be almost completely circumvented – including access to the code and all protected data. By theoretically analysing and documenting the attack, they helped to identify and fix the vulnerability before third parties could actually exploit it.

Contribution to digital sovereignty
#

As is standard practice in such cases, the ETH Zurich researchers promptly informed AMD of their discovery. This early disclosure enabled the company to fix the vulnerability and implement the necessary security measures for the affected processors.

Confidential computing also plays a key role in data sovereignty, as it enables data to be protected during processing. This is why the Swiss National Centre for Cybersecurity (NCSC) considers the technology important: it helps to technically implement enhanced security requirements for digital data in Switzerland.

Citation
#

  • Schlüter B., Shinde, S. RMPocalypse: How a Catch-22 Breaks AMD SEV-SNP. In: Proceedings of the 2025 ACM SIGSAC Conference on Computer and Communications Security (CCS ‘25), 13–17 October 2025, Taipei, Taiwan. ACM, New York, NY, USA.

  • The research paper is also available at this link.

Contact [Notaspampeanas](mailto: notaspampeanas@gmail.com)

Related

September is Healthy Aging Month
·3 mins
Notaspampeanas
September Healthy Aging Month National Institutes of Health
Scholarships Boost Future: Pre-registration begins on October 1st
·3 mins
Notaspampeanas
La Pampa Education Scholarships Boost Future
AI as a pedagogical tool: training courses in Education continue
·2 mins
Notaspampeanas
Education Artificial Intelligence Pedagogical Tools
Concluded the Pampean Sports Games for People with Disabilities
·2 mins
Notaspampeanas
La Pampa Pampean Sports Games People With Disabilities
La Pampa: Sports Games for People with Disabilities
·1 min
Notaspampeanas
La Pampa Sport Games People With Disabilities
La Pampa's police celebrated its 139th anniversary
·5 mins
Notaspampeanas
La Pampa Police 139th Anniversary