RMPocalypse Vulnerability Enables Full Compromise of AMD SEV-SNP Encrypted Virtual Machines
A critical vulnerability, identified as CVE-2025-0033 and dubbed RMPocalypse, has been discovered in AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) technology. This flaw allows attackers to bypass the core security guarantees of SEV-SNP, which is designed to protect the confidentiality and integrity of virtual machines (VMs) even in hostile environments. Researchers from ETH Zürich revealed that the vulnerability stems from incomplete protections in the initialization of the Reverse Map Paging (RMP) table, a key data structure that stores security metadata for all DRAM pages in the system. The RMP table, which maps system physical addresses to guest physical addresses, is only partially protected during VM startup, creating a window of opportunity for exploitation. By performing a single, carefully crafted 8-byte memory write to the RMP table, an attacker can corrupt its contents, undermining the isolation between VMs and the hypervisor. This attack vector enables adversaries with sufficient access to bypass SEV-SNP's hardware-enforced boundaries, potentially gaining full control over encrypted VMs. The implications are severe: attackers could access sensitive data, activate hidden debug functions, forge attestation checks, and even perform replay attacks by restoring previous VM states. AMD has acknowledged the issue and released firmware updates to address the vulnerability, urging customers to apply the patches promptly. The flaw highlights a fundamental challenge in confidential computing, where the security of the underlying mechanisms is as critical as the protections they provide. The vulnerability is particularly concerning for cloud service providers and enterprises relying on SEV-SNP for secure multi-tenant environments. Security experts recommend immediate patching and a review of VM isolation strategies in light of this disclosure. The RMPocalypse flaw demonstrates that even advanced hardware-based security features can be undermined by subtle implementation oversights. The research underscores the importance of rigorous security validation for all components involved in confidential computing. Organizations are advised to monitor for further advisories from AMD and to assess the potential exposure of their virtualized workloads. The incident serves as a reminder that attackers continue to seek and exploit weaknesses in foundational security technologies. The public disclosure of RMPocalypse has prompted renewed scrutiny of hardware-assisted virtualization security. The vulnerability's exploitation requires a high level of technical skill but poses a significant risk to environments where SEV-SNP is deployed. AMD's response includes not only patches but also updated guidance for secure deployment of SEV-SNP-enabled systems. The security community is closely watching for any signs of exploitation in the wild following the release of technical details. This event is expected to influence future designs of confidential computing architectures across the industry.
Sources
Related Stories
StackWarp Side-Channel Weakness Undermines AMD SEV-SNP Confidential VMs
Researchers at **CISPA Helmholtz Center for Information Security** disclosed **StackWarp** (**CVE-2025-29943**), a microarchitectural weakness affecting **AMD Zen** CPUs that can undermine the integrity guarantees of **AMD SEV-SNP** “confidential VM” protections. The attack model assumes a **malicious insider with host/hypervisor control** who can run a parallel hyperthread and exploit a previously undocumented hypervisor-side control bit to manipulate the protected guest’s stack pointer behavior, particularly when **Simultaneous Multithreading (SMT)** is enabled. Reported impacts include the ability to recover sensitive data from SEV-SNP guests—such as **cryptographic private keys**—and to enable follow-on compromise scenarios like **bypassing OpenSSH password authentication** and **privilege escalation** within the VM. AMD issued patches (made available in **July 2025**) and later published a security bulletin rating the issue **low severity**, but the disclosure highlights ongoing risk that confidential computing isolation can be weakened by CPU-level behaviors; organizations running SEV-SNP should prioritize applying AMD’s updates and review SMT-related exposure in multi-tenant or high-trust boundary environments.
1 months agoAMD Zen 5 RDSEED Vulnerability Weakens Cryptographic Security
AMD has confirmed a high-severity vulnerability in the RDSEED instruction of its Zen 5 architecture CPUs, including Epyc 9005, Ryzen 9000, and Threadripper 9000 series. The flaw, tracked as CVE-2025-62626, allows the RDSEED function to return a value of 0 as a valid random number in approximately 10% of cases, potentially undermining the integrity of cryptographic keys and other security operations that rely on strong randomness. The issue was discovered by a Meta engineer and publicly disclosed via a Linux kernel mailing list, raising concerns about the predictability of cryptographic operations on affected systems. AMD has responded by releasing microcode patches for some affected processors, such as the Epyc 9005 series, and is working on additional fixes for other impacted models. As a temporary mitigation, users are advised to use the unaffected 64-bit RDSEED variant where possible or disable the RDSEED instruction via boot parameters. The vulnerability requires local privileges to exploit, meaning an attacker would already need significant access to the system. Linux kernel updates have also attempted to address the issue, though some users have reported compatibility problems with certain distributions following these changes.
4 months ago
UNC6201 Exploits Dell RecoverPoint for Virtual Machines Zero-Day via Hardcoded Credential
**Mandiant/Google Threat Intelligence Group (GTIG)** reported active exploitation of a **Dell RecoverPoint for Virtual Machines (RP4VM)** zero-day, **CVE-2026-22769** (rated **CVSS 10.0**), attributed to suspected PRC-nexus activity tracked as **UNC6201**. The flaw is described as a **hardcoded credential** condition that can enable **unauthenticated remote access**, **OS-level control**, and **root-level persistence**, with follow-on activity aimed at persistence and lateral movement into **VMware** environments. Reporting also indicates the vulnerability was flagged for heightened defender attention via **CISA’s Known Exploited Vulnerabilities (KEV)** signaling referenced through NVD enrichment. The incident underscores elevated risk when adversaries compromise **backup and recovery infrastructure**, which can undermine restore integrity and expand blast radius into virtualization management planes. Public reporting tied to the same activity highlights associated tooling/malware families including **BRICKSTORM** and **GRIMBOLT** (and related mentions of **SLAYSTYLE**) in post-compromise operations, while noting that the **initial access vector was not definitively confirmed** beyond observed exploitation activity involving RP4VM. A separate malware-news roundup amplified the same UNC6201/RP4VM zero-day reporting, but did not add primary technical detail beyond pointing back to the underlying research.
2 weeks ago