Computer memory flaw leads to global security fixes
January 8, 2025
Cybersecurity

Computer memory flaw leads to global security fixes

By Arnold Pinto No comment
Memory

In AMD processors

Cybersecurity experts studying computer memory modules have uncovered a significant security flaw that has led to global security fixes in AMD computer processors. The vulnerability, known as ‘BadRAM,’ arises when rogue memory modules deliberately provide false information to a computer’s processor during startup, potentially exposing sensitive data or causing system disruptions.

Processors are integral to computing calculations. They store code and data in the system’s memory (DRAM). When a computer boots up, the processor communicates with the DRAM modules to determine their size, speed, and configuration.

This critical information is stored in the SPD (Serial Presence Detect) chip. However, researchers discovered that attackers could manipulate this chip, bypassing AMD’s built-in security mechanisms to protect sensitive data, particularly in cloud environments vulnerable to data breaches and insider threats.

The research team targeted a security feature called Secure Encrypted Virtualisation (SEV), developed by AMD. SEV encrypts virtual machines’ memory, safeguarding cloud computing privacy and isolating virtual machines from advanced attacks.

The research, conducted by experts from KU Leuven (Belgium), the University of Lübeck (Germany), and the University of Birmingham (UK), identified a significant flaw that allowed attackers to trick the system into accessing protected memory.

Dr David Oswald, from the University of Birmingham, explained, “Using inexpensive off-the-shelf equipment, we could manipulate the processor into granting access to protected memory.”

The researchers further explained that BadRAM causes the memory module to falsely report its size, tricking the CPU into addressing non-existent ‘ghost’ memory regions. This results in two CPU addresses mapping to the exact DRAM location, enabling attackers to bypass memory protections and access sensitive data.

In response to the findings, AMD has issued firmware updates to secure the memory configuration process at boot. Dr Oswald assured users, stating, “Most cloud providers have already updated their firmware to include AMD’s countermeasures, so there’s no need to worry about the security of your data.”

The researchers have also launched a website to explain the vulnerability and its potential risks further.

Hero image: AMD has issued firmware updates to secure the memory configuration process at boot. Credit: Johannes Plenio 

Tags:
Arnold Pinto

Arnold Pinto

Arnold Pinto is an award-winning journalist with wide-ranging Middle East and Asia experience in the tech, aerospace, defence, luxury watchmaking, business, automotive, and fashion verticals. He is passionate about conserving endangered native wildlife globally. Arnold enjoys 4x4 off-roading, camping and exploring global destinations off the beaten track. Write to: arnold@menews247.com
Follow Me:

Related Posts

Cookies

Over 54 Billion Cookies Found Leaked To The Dark Web

By News Desk 1

Why cyber protection is the ultimate defence for African enterprises

By Dan Ngiam
Online mentions of Seamless Saudi Arabia 2023. Infographic: Reputation House

Seamless Saudi Arabia 2023 visitors concerned about online reputation

By News Desk 1

Leave a Reply

Your email address will not be published. Required fields are marked *

About Us

Contact Us

Email: press@menews247.com

WhatsApp: +971 56 852 2508