Vulnerability discovered in confidential cloud environments

Some data is so sensitive that it is only processed in specially protected cloud areas. These are designed to ensure that even a cloud provider cannot access the data. Researchers at ETH Zurich have discovered a vulnerability that could allow hackers to penetrate these confidential environments.

Cloud services are in great demand today, providing users with the ability to store data on remote servers and access it from anywhere. They are used in a wide range of contexts: individuals store personal files such as vacation photos, while businesses rely on the cloud for their sensitive data and operations.

For highly confidential data, such as those from the healthcare or financial sectors, cloud providers offer specially secure environments. These computing environments are designed in such a way that neither the cloud provider nor the host operating system can access the data. This ensures that sensitive information remains protected against unauthorized access, even while it is being processed.

These environments are therefore suitable both for storing sensitive data and for processing them securely. For example, they play an important role in artificial intelligence (AI) applications that analyze personal content, such as messaging services that automatically generate message summaries by processing them in a cloud.

Experts refer to these specially secured cloud areas as confidential computing environments. These environments use technology to ensure that sensitive data remains encrypted and protected from access not only during storage or transmission, but also during processing in the cloud.

This protection is crucial: If hackers could exploit a vulnerability to access messages sent to a cloud-based messaging service for AI-based summarization, they would also be able to read all the private information contained in those messages as if it were an open book.

Hardware problem with considerable consequences

However, researchers from the Secure & Trustworthy Systems group at ETH Zurich, led by computer science professor Shweta Shinde, recently discovered a vulnerability that could allow attackers to bypass protection mechanisms in confidential computing environments. This would allow them to access secure data areas and potentially read or steal confidential information.

This vulnerability is named RMPocalypse. “RMPocalypse is a clearly identifiable hardware issue that can be exploited using simple attack methods and can have a serious impact,” explains Shweta Shinde. On the Common Vulnerability Scoring System (CVSS), a scale of 1 to 10 used to rate the severity of computer security vulnerabilities, RMPocalypse scores 6.0.

Vulnerability affects AMD security technology

The vulnerability is therefore relevant but does not affect all cloud services. Office applications such as Word or Excel for example are not affected. This vulnerability is critical because it affects areas of the cloud specifically secured for processing confidential data and where an attack can cause considerable damage.

The discovered security vulnerability does not affect all cloud applications, but specifically areas and workloads protected by AMD’s specialized security technology. The American company Advanced Micro Devices (AMD) develops, among other things, processors, graphics chips and security solutions for data centers.

Its technology is frequently used in the confidential computing environments of major cloud providers such as Microsoft Azure, Google Cloud and Amazon Web Services. Its widespread use increases the importance of RMPocalypse because its vulnerability could undermine confidence in the security of cloud services.

Warning: every attack is a success

In an article published as part of the Proceedings of the ACM SIGSAC 2025 Conference on Computer and Communications SecurityETH researchers show that they have managed to regularly bypass the protection mechanisms of confidential IT environments thanks to the vulnerability. They successfully accessed all tested workloads with a 100% success rate. This means that in all cases they were able to penetrate data areas secured by AMD technology.

RMPocalypse exploits a vulnerability in the memory management of modern processors, specifically in Reverse Map Table (RMP). This mechanism aims to ensure that only authorized programs can use confidential data. However, if it is faulty, the protection becomes incomplete, potentially allowing attackers to access sensitive information.

The technology AMD uses to protect highly confidential data in the cloud is called SEV-SNP, short for Secure Encrypted Virtualization with Secure Nested Paging. It forms the technical foundation of confidential computing environments, ensuring that sensitive information remains protected even while it is being processed.

SEV-SNP automatically protects data (during storage, transmission and processing) and ensures that even cloud providers cannot access it. The technology provides robust protection for virtual machines (VMs), which serve as digital workspaces in the cloud, protecting them from unauthorized access.

The vulnerability appears at startup

Researchers at ETH Zurich discovered that part of the security mechanism, called Reverse Map Table (RMP), is not fully protected when a virtual machine starts. This flaw could allow attackers with remote access to bypass certain protection functions and manipulate the virtual machine environment, which is supposed to be securely isolated.

In their publication, the researchers show that this vulnerability can be exploited to enable hidden functions (such as a debug mode), simulate security checks (called attestation forgery) and restore previous states (replay attacks), or even inject foreign code.

Ultimately, the ETH researchers were able to show that AMD’s security mechanisms can be almost completely bypassed, including access to the code and all protected data. By theoretically analyzing and documenting the attack, they helped identify and fix the vulnerability before third parties could actually exploit it.

Contribution to digital sovereignty

As is customary in such cases, the ETH Zurich researchers immediately informed AMD of their discovery. This early disclosure allowed the company to patch the vulnerability and implement necessary security measures for affected processors.

Confidential computing also plays a key role in data sovereignty, as it helps protect data during processing. This is why the Swiss National Cyber ​​Security Center (NCSC) considers this technology important: it helps to technically implement enhanced security requirements for digital data in Switzerland.