Academic researchers from ETH Zurich have discovered a vulnerability in the memory management of AMD processors that allowed them to break confidential computing integrity guarantees.
Tracked as CVE-2025-0033 (CVSS score of 6.0), the issue is described as a race condition that occurs when the AMD Secure Processor (ASP) initializes the Reverse Map Table (RMP).
In AMD processors that use Secure Encrypted Virtualization – Secure Nested Paging (SEV-SNP), the RMP prevents the hypervisor from tampering with guest page mappings.
However, because RMP entries are themselves used to protect the rest of the RMP, a Catch-22 occurs during setup, and the ASP is used to perform RMP initialization. Only the ASP can modify RMP memory.
The security defect, named RMPocalypse, allows a malicious hypervisor to corrupt the RMP during initialization and manipulate its content, thus affecting guest memory integrity.
RMP, the researchers note, was added to SEV-SNP to prevent integrity attacks, and its correct initialization allows hypervisors to launch confidential VMs by assigning physical memory to them. RMP keeps track of page mappings and of the ownership of each physical page.
Because modern servers have large DRAM capacities, the RMP is also sizable (16 gigabytes), and is stored in DRAM, where it protects itself, with SEV-SNP preventing the hypervisor from mapping RMP-owned physical pages.
AMD processors with SEV-SNP have several x86 cores for workload computations and a secure co-processor (the ASP) for enforcing security on the x86 cores and the memory subsystem. The ASP also checks the hypervisor-provisioned configuration when RMP initialization is requested.
The academics discovered that the ASP does not properly protect the memory containing the RMP during initialization, which allows the hypervisor to write to the RMP memory and corrupt the entry, compromising the SEV-SNP guarantees.
The researchers tested the RMPocalypse attack on Zen 3, Zen 4, and the latest Zen 5 processors, demonstrating how it can be used to overwrite various pages.
“To show the impact of our finding, we exploit this gap to break confidentiality and integrity guarantees of SEV-SNP. We demonstrate RMPocalypse by enabling debug on production-mode CVMs, faking attestation, VMSA state replay, and code injection,” the academics note in their research paper.
On Monday, AMD announced that its EPYC and EPYC Embedded series processors are affected and that patches were sent to OEMs, which should roll out BIOS updates to address the issue.
Microsoft on Monday said it has been working on updates to address the security defect in Azure Confidential Computing’s (ACC) AMD-based clusters. Once the fixes are deployed, customers will be notified if ACC resource reboots are required.
The company also noted that the issue is less likely to be exploited in the wild, due to protections that reduce the risk of memory manipulation or host compromise.
“Across Azure Confidential Computing products, multiple security guardrails are in place to prevent host compromise, combining isolation, integrity verification, and continuous monitoring. All host operations follow audited and approved management pathways, with administrative access strictly controlled, limited, and logged,” Microsoft says.

