Researchers at KU Leuven and the University of Birmingham have disclosed a new hardware attack they call Battering RAM that they say can bypass current memory-encryption defenses on Intel and AMD cloud processors, allowing attackers to redirect protected addresses and tamper with encrypted memory. The research team described the work on their project website and published proof-of-concept code on GitHub. The researchers said the hardware is inexpensive and can be made to behave transparently during boot before being switched to a malicious mode.
The attack uses a custom-built DDR4 interposer that the team says can be assembled for less than $50 and placed in the memory path to quietly modify signals between the processor and DRAM. The researchers described the device as a simple interposer that employs analog switches to redirect physical addresses to attacker-controlled locations, which can enable reads of plaintext or the insertion of corrupted or replayed data.
According to the paper, Battering RAM compromises Intel’s Software Guard Extensions (SGX) and AMD’s Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP), protections designed to keep customer data encrypted in memory while in use. The researchers said it affects systems using DDR4 memory and workloads in public cloud confidential computing environments. The report links to Intel’s SGX documentation and AMD’s SEV-SNP materials to describe the targeted technologies and to a general overview of SGX, SEV-SNP and confidential computing.
The authors say the interposer can be used to obtain arbitrary read access or to write plaintext into protected enclaves on Intel platforms, and to bypass firmware mitigations and introduce backdoors on AMD systems. They warned that a rogue cloud provider or an insider with limited physical access could use the technique to undermine remote attestation and insert persistent compromises into protected virtual machines. AMD, Intel and Arm were informed earlier this year and, the researchers said, the vendors have treated physical access attacks as out of scope. AMD has also posted a security bulletin on its site (amd-sb-3024) in response to related research and mitigations.
The disclosure arrives amid a string of recent academic results showing new ways to extract data from cloud workloads. The researchers cited previous work, including attacks named Heracles and Relocate-Vote, and noted parallel findings that hypervisor-driven data movement can leak patterns, a point made by a University of Toronto team in a statement quoted on its web page. Other recent studies include ETH Zürich research into an abusable CPU stack engine, VUSec work on an L1TF Reloaded technique (Project Rain) with an accompanying write-up on the Google bug hunters blog, and a VMScape proof-of-concept from ETH Zürich with a linked Red Hat CVE (VMScape) and CVE-2025-40300.
Google provided the researchers with a dedicated sole-tenant node for safe testing, awarded a $151,515 bounty and said it applied fixes to affected assets, according to a Google Cloud security bulletin. Amazon Web Services said the related L1TF Reloaded research does not affect guest data for customers running on the AWS Nitro System or Nitro Hypervisor and published its response on the AWS security blog.
The research team said defending against Battering RAM would require fundamental changes to current memory-encryption designs because existing implementations trade cryptographic freshness checks for larger protected memory sizes, which the authors say allows dynamic address aliasing at runtime and can defeat boot-time alias checks.
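The freshness trade-off described above, shown as a toy Python model that is added here and is not the researchers' proof-of-concept or any vendor's design. The keystream cipher, key, address, sample values and class names are all constructed assumptions; the point is only that encryption without a freshness check accepts a replayed memory line, while a per-write counter held in trusted state rejects it.

```python
import hashlib, hmac

KEY = b"constructed-demo-key"  # constructed sample key, not a real secret

def _b(n): return n.to_bytes(8, "big")

def _xor_ks(data, addr, ctr):
    # Toy keystream cipher (assumption): stands in for the real memory cipher.
    ks = hashlib.shake_256(KEY + _b(addr) + _b(ctr)).digest(len(data))
    return bytes(x ^ y for x, y in zip(data, ks))

class StaticRAM:
    """Address-tweaked encryption only, no freshness state."""
    def __init__(self):
        self.dram = {}  # untrusted: the memory bus can rewrite it
    def write(self, addr, pt):
        self.dram[addr] = _xor_ks(pt, addr, 0)
    def read(self, addr):
        return _xor_ks(self.dram[addr], addr, 0)

class FreshRAM:
    """Adds a per-address write counter in trusted state, bound in by a MAC."""
    def __init__(self):
        self.dram = {}      # untrusted
        self.counters = {}  # trusted; grows with the amount of protected memory
    def _mac(self, addr, ctr, ct):
        return hmac.new(KEY, _b(addr) + _b(ctr) + ct, hashlib.sha256).digest()
    def write(self, addr, pt):
        ctr = self.counters[addr] = self.counters.get(addr, 0) + 1
        ct = _xor_ks(pt, addr, ctr)
        self.dram[addr] = (ct, self._mac(addr, ctr, ct))
    def read(self, addr):
        (ct, tag), ctr = self.dram[addr], self.counters[addr]
        if not hmac.compare_digest(tag, self._mac(addr, ctr, ct)):
            raise ValueError("stale or tampered memory line")
        return _xor_ks(ct, addr, ctr)

def replay_accepted(ram, addr=0x1000):
    """Write v1, snapshot the DRAM line, write v2, restore the snapshot."""
    ram.write(addr, b"balance=0100")
    snapshot = ram.dram[addr]
    ram.write(addr, b"balance=0000")
    ram.dram[addr] = snapshot  # models replayed data arriving from DRAM
    try:
        return ram.read(addr) == b"balance=0100"  # stale value accepted?
    except ValueError:
        return False

if __name__ == "__main__":
    print(replay_accepted(StaticRAM()), replay_accepted(FreshRAM()))
```

The `counters` dictionary is the cost side of the trade-off in this model: it is trusted state that must scale with the memory being protected.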