RMPocalypse Flaw (CVE-2025-0033) Bypasses AMD SEV-SNP to Fully Compromise Encrypted VMs

A research team from ETH Zurich has disclosed a critical vulnerability, CVE-2025-0033, dubbed RMPocalypse, that undermines AMD’s confidential computing technology across its Zen 3, Zen 4, and Zen 5 processors. The flaw enables an attacker with control of the hypervisor to fully compromise virtual machines protected under SEV-SNP (Secure Encrypted Virtualization–Secure Nested Paging), effectively voiding all confidentiality and integrity guarantees of AMD’s flagship cloud feature.

According to the ETH Zurich study, “With RMPocalypse, we demonstrate an attack on all AMD processors that support SEV-SNP (Zen 3/4/5) and compromise all confidential computing guarantees.”

Confidential computing is designed to protect workloads in untrusted cloud environments by isolating virtual machines (VMs) from the host hypervisor. AMD’s SEV-SNP extends this protection by encrypting VM memory and enforcing page ownership and integrity through a structure called the Reverse Map Table (RMP), which records, for every physical page, whether it belongs to the hypervisor or to a specific guest and whether it has been validated.

However, ETH Zurich’s research reveals a fatal design flaw in that very foundation. “Reverse Map Table, in short RMP, is one of the main protection mechanisms in SEV-SNP to stop the hypervisor from accessing the confidential virtual machines,” the study explains.

In RMPocalypse, the researchers exploit “AMD’s incomplete protections that allow us to perform a single memory write to the RMP, thus breaking SEV-SNP.”

The attack targets a gap between AMD’s Trusted Memory Regions (TMRs), which are enforced at the memory controller, and the x86 cache hierarchy during SEV-SNP initialization. This allows a malicious hypervisor to insert “dirty cachelines pointing to RMP memory” while the protection is not fully active. When the platform transitions from TMR to RMP enforcement, the attacker can flush these cachelines, writing attacker-chosen data into the protected RMP region.

ETH Zurich summarizes the flaw’s impact:

“RMPocalypse shows that AMD’s platform protection mechanisms are not complete, thus leaving a small window of opportunity for the attacker to maliciously overwrite the RMP on initialization. Due to the design of the RMP, a single overwrite of 8 bytes within the RMP causes the entire RMP to become subsequently compromised.”

With that single overwrite, attackers can forge attestation values, enable debug mode, and read or modify the encrypted memory of a confidential VM (CVM). The researchers add, “With a compromised RMP, all integrity guarantees of SEV-SNP become void… resulting in a full breach of confidentiality.”

Unlike many speculative or timing-based attacks, RMPocalypse is deterministic — it succeeds every time.

“We perform the RMP corruption during SEV initialization. RMPocalypse is deterministic since our malicious write always goes through.”

By targeting the root RMP entry, attackers can compromise all metadata for Confidential VMs (CVMs), including attestation hashes and debug flags, effectively taking full control over the protected environment.

ETH Zurich demonstrated 100% success in their case studies, noting, “We can arbitrarily tamper with the execution of confidential VMs and exfiltrate all secrets with 100% success rate.”

The attack begins during the RMP setup phase, when AMD’s Platform Security Processor (PSP) configures protections before confidential VMs start. During this time, the TMR barrier blocks DRAM writes to the RMP region, but it does not prevent the x86 cores from creating dirty cachelines that target that region.

As the study explains:

“The TMR barrier only stops the memory access at the memory controller level; it cannot stop cache pollution.”

When the PSP finishes initialization and lifts the TMR barrier, the x86 cores can write the dirty cachelines back to DRAM, corrupting the RMP before SEV-SNP’s own RMP checks take effect.

“This leaves a time window during RMP initialization, where x86 cores can flush the previously created dirty cacheline entries… bypassing both protection mechanisms.”

The vulnerability strikes at the core of cloud-based confidential computing, where tenants rely on hardware-isolated VMs to protect sensitive workloads from untrusted hypervisors. By compromising SEV-SNP, RMPocalypse effectively erases the boundary between cloud tenants and providers.

Potential attacker capabilities include:

  • Read and write access to the encrypted memory of confidential VMs.
  • Tampering with attestation, undermining trust in VM integrity checks.
  • Replaying VM states or cloning confidential environments.
  • Activating debug features to extract live secrets.

Following disclosure, AMD acknowledged the flaw and released firmware mitigations. The researchers confirmed: “AMD released firmware updates to mitigate the issue.”
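Because the fix ships as PSP firmware that the cloud provider, not the tenant, installs, a tenant’s practical check is the attestation report itself: every SEV-SNP report carries the firmware TCB it was produced under and the guest policy it was launched with, so a relying party can refuse reports from unpatched firmware or from guests launched with debug enabled. The following is an added example written for this article, not code from the ETH Zurich researchers or from AMD. Field offsets and bit positions follow the ATTESTATION_REPORT and GUEST_POLICY layouts of the AMD SEV-SNP firmware ABI; the report bytes are constructed test data (unsigned), and the minimum SNP firmware SVN is a placeholder that must be replaced with the value AMD’s advisory for CVE-2025-0033 gives for the platform in question.

```python
"""Relying-party policy checks on an SEV-SNP attestation report (added example)."""
import struct

REPORT_SIZE = 0x4A0

# Byte offsets of the ATTESTATION_REPORT fields these checks use.
OFF_VERSION = 0x000
OFF_POLICY = 0x008
OFF_CURRENT_TCB = 0x038
OFF_MEASUREMENT = 0x090
OFF_REPORTED_TCB = 0x180

# GUEST_POLICY bits.
POLICY_SMT = 1 << 16
POLICY_MIGRATE_MA = 1 << 18
POLICY_DEBUG = 1 << 19


def parse_tcb(tcb):
    """Split a 64-bit TCB_VERSION into its component SVNs."""
    return {
        "boot_loader": tcb & 0xFF,
        "tee": (tcb >> 8) & 0xFF,
        "snp": (tcb >> 48) & 0xFF,
        "microcode": (tcb >> 56) & 0xFF,
    }


def make_tcb(boot_loader, tee, snp, microcode):
    """Inverse of parse_tcb, used here to build constructed test reports."""
    return boot_loader | (tee << 8) | (snp << 48) | (microcode << 56)


def parse_report(report):
    """Extract version, policy, TCBs and launch measurement from a raw report."""
    if len(report) != REPORT_SIZE:
        raise ValueError("unexpected report length %d" % len(report))
    version, = struct.unpack_from("<I", report, OFF_VERSION)
    policy, = struct.unpack_from("<Q", report, OFF_POLICY)
    current_tcb, = struct.unpack_from("<Q", report, OFF_CURRENT_TCB)
    reported_tcb, = struct.unpack_from("<Q", report, OFF_REPORTED_TCB)
    return {
        "version": version,
        "policy": policy,
        "current_tcb": parse_tcb(current_tcb),
        "reported_tcb": parse_tcb(reported_tcb),
        "measurement": report[OFF_MEASUREMENT:OFF_MEASUREMENT + 48],
    }


def evaluate(report, min_snp_svn, expected_measurement):
    """Return the list of policy violations; an empty list means accept.

    Assumes the caller has already verified the report signature against the
    VCEK certificate chain. Without that, every field here is attacker-chosen.
    """
    r = parse_report(report)
    problems = []
    if r["policy"] & POLICY_DEBUG:
        problems.append("guest policy permits debug")
    if r["policy"] & POLICY_MIGRATE_MA:
        problems.append("guest policy permits migration agent")
    if r["reported_tcb"]["snp"] < min_snp_svn:
        problems.append("SNP firmware SVN %d below required %d"
                        % (r["reported_tcb"]["snp"], min_snp_svn))
    if r["measurement"] != expected_measurement:
        problems.append("launch measurement mismatch")
    return problems


def build_sample_report(policy, tcb, measurement):
    """Construct a report-shaped byte string (constructed test data, not signed)."""
    buf = bytearray(REPORT_SIZE)
    struct.pack_into("<I", buf, OFF_VERSION, 2)
    struct.pack_into("<Q", buf, OFF_POLICY, policy)
    struct.pack_into("<Q", buf, OFF_CURRENT_TCB, tcb)
    struct.pack_into("<Q", buf, OFF_REPORTED_TCB, tcb)
    buf[OFF_MEASUREMENT:OFF_MEASUREMENT + 48] = measurement
    return bytes(buf)


MIN_SNP_SVN = 0x18                     # placeholder; take the real value from AMD's advisory
GOLDEN_MEASUREMENT = bytes(range(48))  # constructed stand-in for the expected launch digest
BASE_POLICY = 0x30000                  # SMT allowed plus the reserved must-be-one bit


def demo():
    """Evaluate one acceptable and one unacceptable constructed report."""
    good = build_sample_report(BASE_POLICY, make_tcb(3, 0, 0x18, 0xD3), GOLDEN_MEASUREMENT)
    bad = build_sample_report(BASE_POLICY | POLICY_DEBUG, make_tcb(3, 0, 0x15, 0xD3),
                              GOLDEN_MEASUREMENT)
    return (evaluate(good, MIN_SNP_SVN, GOLDEN_MEASUREMENT),
            evaluate(bad, MIN_SNP_SVN, GOLDEN_MEASUREMENT))


if __name__ == "__main__":
    accepted, rejected = demo()
    print("patched, non-debug guest:", accepted or "accepted")
    print("unpatched, debug-enabled guest:", rejected)
```

The TCB pin is the part that matters for this flaw: a report produced on firmware older than the fixed level should be rejected outright, regardless of what the measurement says, because on such a platform the hypervisor may already hold a corrupted RMP. The debug-bit check covers the “activating debug features” capability listed above for the case where a guest was launched with a permissive policy.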
