TEE.Fail Side-Channel Attack Compromises Confidential Computing on DDR5 Systems
Academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack named TEE.Fail that extracts secrets from the trusted execution environments (TEEs) of modern CPUs, including Intel SGX and TDX, AMD SEV-SNP, and even Nvidia's GPU Confidential Computing. The attack uses a memory-bus interposer on DDR5 systems, built from off-the-shelf equipment costing under $1,000, to physically capture and analyze the encrypted traffic between the CPU and DRAM. An attacker with physical access to the machine and root privileges on the host, which is precisely the untrusted-operator threat model confidential computing is designed to withstand, can use it to extract cryptographic keys and forge attestation, undermining the security guarantees these environments are meant to provide.
TEE.Fail is the first attack demonstrated against DDR5-based TEEs, extending earlier DDR4-focused work such as WireTap and Battering RAM. The researchers attribute the weakness to an architectural choice in recent server-grade CPUs: memory is protected with deterministic AES-XTS encryption, so the same plaintext written to the same physical address always produces the same ciphertext, and there is no integrity tag or freshness counter to detect a modified or replayed line. An interposer on the memory bus can therefore recognize repeated values and replay captured ciphertext without ever learning the key. The result highlights significant risk for organizations relying on hardware-based confidential computing, since sensitive data and secure workloads can be compromised even on fully updated systems whose attestation reports appear valid.
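The Go program below is an added illustration of the design point just described; it is example code written for this page, not the researchers' tooling or any vendor's implementation. It models a memory controller protecting one 64-byte line with AES-XTS tweaked by physical address, the deterministic, unauthenticated construction the paragraph refers to, and shows the two consequences a bus interposer can exploit: identical plaintext at the same address is identical on the wire, and a recorded ciphertext replayed later decrypts cleanly as stale data with no error. For contrast it shows the same replay failing under an authenticated mode with a per-write counter, a simplified stand-in for the integrity and freshness tracking these CPUs omit. The keys, physical address and secret values are constructed placeholders, the XTS code handles whole blocks only (no ciphertext stealing, which a cache line does not need), and nothing here models how TEE.Fail actually captures or decodes DDR5 signalling.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"encoding/binary"
	"fmt"
)

// Constructed demo inputs (not real values): fixed keys, two 64-byte cache-line
// values and one physical address. Real memory-encryption keys never leave the CPU.
var (
	memKey1 = []byte("tee-fail-demo-k1") // 16-byte AES data key
	memKey2 = []byte("tee-fail-demo-k2") // 16-byte AES tweak key
	secretA = bytes.Repeat([]byte{0xA1}, 64)
	secretB = bytes.Repeat([]byte{0xB2}, 64)
)
const lineAddr uint64 = 0x1_0000_0000

// gfMulAlpha: tweak *= alpha in GF(2^128) mod x^128+x^7+x^2+x+1 (IEEE 1619 XTS, little-endian).
func gfMulAlpha(t *[aes.BlockSize]byte) {
	var carry byte
	for i := range t {
		t[i], carry = t[i]<<1|carry, t[i]>>7
	}
	if carry != 0 {
		t[0] ^= 0x87
	}
}

// xts encrypts (enc=true) or decrypts whole 16-byte blocks with AES-XTS, using the
// physical address as tweak. Same key, address and plaintext always give the same
// ciphertext, and nothing authenticates it: deterministic, no integrity, no freshness.
func xts(key1, key2 []byte, physAddr uint64, in []byte, enc bool) []byte {
	if len(in)%aes.BlockSize != 0 {
		panic("input must be whole AES blocks (no ciphertext stealing in this demo)")
	}
	data, err1 := aes.NewCipher(key1)
	tw, err2 := aes.NewCipher(key2)
	if err1 != nil || err2 != nil {
		panic("XTS needs two 16- or 32-byte AES keys")
	}
	var tweak [aes.BlockSize]byte
	binary.LittleEndian.PutUint64(tweak[:8], physAddr)
	tw.Encrypt(tweak[:], tweak[:]) // T = E_K2(address)
	out := make([]byte, len(in))
	var x [aes.BlockSize]byte
	for off := 0; off < len(in); off += aes.BlockSize {
		for i := range x {
			x[i] = in[off+i] ^ tweak[i] // XEX: mask in with T*alpha^j
		}
		if enc {
			data.Encrypt(x[:], x[:])
		} else {
			data.Decrypt(x[:], x[:])
		}
		for i := range x {
			out[off+i] = x[i] ^ tweak[i] // XEX: mask out
		}
		gfMulAlpha(&tweak)
	}
	return out
}

// deterministicLeak: what a DDR5 interposer sees. Two writes of the same value to
// the same address are byte-identical on the wire, so equality leaks without a key.
func deterministicLeak() bool {
	return bytes.Equal(xts(memKey1, memKey2, lineAddr, secretA, true), xts(memKey1, memKey2, lineAddr, secretA, true))
}

// replayAccepted: the freshness failure. The attacker records write #1, the guest
// performs write #2, the attacker feeds write #1 back; the CPU decrypts stale data.
func replayAccepted() []byte {
	recorded := xts(memKey1, memKey2, lineAddr, secretA, true)
	_ = xts(memKey1, memKey2, lineAddr, secretB, true) // write #2, dropped by the attacker
	return xts(memKey1, memKey2, lineAddr, recorded, false)
}

// replayRejectedWithAEAD: the contrast. AES-GCM with a per-line write counter in the
// nonce and the address as associated data (a stand-in for an integrity tree) rejects it.
func replayRejectedWithAEAD() bool {
	block, err := aes.NewCipher(memKey1)
	if err != nil {
		panic(err)
	}
	gcm, _ := cipher.NewGCM(block) // cannot fail for an AES block
	n1, n2 := make([]byte, gcm.NonceSize()), make([]byte, gcm.NonceSize())
	n1[11], n2[11] = 1, 2 // write counter for this line carried in the nonce
	addr := make([]byte, 8)
	binary.LittleEndian.PutUint64(addr, lineAddr)
	recorded := gcm.Seal(nil, n1, secretA, addr) // write #1, recorded by the attacker
	_ = gcm.Seal(nil, n2, secretB, addr)         // write #2, dropped by the attacker
	_, err = gcm.Open(nil, n2, recorded, addr)   // CPU expects write #2: tag check fails
	return err != nil
}

func main() {
	fmt.Println(deterministicLeak(), bytes.Equal(replayAccepted(), secretA), replayRejectedWithAEAD())
}
```

Running it prints `true true true`: the XTS model leaks equality and accepts the replay, while the authenticated model rejects the same replay. The point is not that AES-XTS is weak as a cipher; it is that without a per-line tag and counter the memory controller has no way to tell a replayed or swapped ciphertext from a legitimate one, which is exactly what a physical interposer needs.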
Related Stories
Hardware-Based Attacks on Secure Enclaves and Embedded Devices
Security researchers have demonstrated new hardware-based techniques to extract sensitive data from devices previously considered secure, ranging from a budget smartwatch to confidential computing servers. In one case, analysts revived the 'Blinkenlights' technique, adapting it to a modern TFT screen to extract firmware from a budget smartwatch by exploiting a dial parser vulnerability. The resulting out-of-bounds read let arbitrary memory contents be rendered on the device's screen, which was then captured with a high-speed Raspberry Pi Pico setup. The smartwatch, which contained fake health sensors and used a JieLi AC6958C6 system-on-chip, had weak authentication and a flawed firmware parser, enabling the attack. Separately, researchers from KU Leuven presented a low-cost hardware attack called 'Battering RAM' at Black Hat Europe 2025, targeting secure CPU enclaves such as Intel SGX and AMD SEV. Using a $50 DDR4 interposer, they manipulated memory address mapping at runtime, bypassing firmware mitigations and gaining unauthorized access to encrypted memory. This allowed them to extract platform provisioning keys, forge attestation reports, and implant persistent backdoors in protected virtual machines, raising concerns about cloud infrastructures that rely on these technologies.
3 months ago
StackWarp Side-Channel Weakness Undermines AMD SEV-SNP Confidential VMs
Researchers at CISPA Helmholtz Center for Information Security disclosed StackWarp (CVE-2025-29943), a microarchitectural weakness affecting AMD Zen CPUs that can undermine the integrity guarantees of AMD SEV-SNP "confidential VM" protections. The attack model assumes a malicious insider with host/hypervisor control who can run a parallel hyperthread and exploit a previously undocumented hypervisor-side control bit to manipulate the protected guest's stack pointer behavior, particularly when Simultaneous Multithreading (SMT) is enabled. Reported impacts include the ability to recover sensitive data from SEV-SNP guests, such as cryptographic private keys, and to enable follow-on compromise scenarios like bypassing OpenSSH password authentication and privilege escalation within the VM. AMD issued patches (made available in July 2025) and later published a security bulletin rating the issue low severity, but the disclosure highlights the ongoing risk that confidential computing isolation can be weakened by CPU-level behaviors; organizations running SEV-SNP should prioritize applying AMD's updates and review SMT-related exposure in multi-tenant or high-trust boundary environments.
1 month ago
Linux Kernel Adds PCIe Link Encryption Amid Disclosure of PCIe IDE Vulnerabilities
The Linux kernel is introducing support for PCI Express (PCIe) Link Encryption in version 6.19, a feature developed collaboratively by Intel, AMD, and Arm to enhance the security of cloud server infrastructure. This new capability leverages certificates and keys to encrypt data transmitted between CPUs and hardware components over PCIe, aiming to prevent unauthorized devices from intercepting sensitive information. The encryption protocol, known as Integrity and Data Encryption (IDE), is managed through a Trusted Execution Environment (TEE) Security Manager, providing an additional layer of protection for cloud providers against hardware-based attacks. Concurrently, three significant vulnerabilities have been disclosed in the PCIe IDE protocol, affecting PCIe Base Specification Revision 5.0 and later. These flaws—CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614—could allow local attackers to reorder traffic, redirect completion timeouts, or inject stale data, potentially leading to information disclosure, privilege escalation, or denial of service. While these vulnerabilities require physical or low-level access to exploit, they highlight the ongoing challenges in securing PCIe communications, even as new encryption features are being integrated into major operating systems like Linux.
3 months ago