
AMD SEV-SNP Vulnerability Exposed in Black Hat 2025 Talk
The Black Hat 2025 talk titled 'Rumple Eclipse Catch22: Breaking AMD's Confidential Computing' presents a firmware/microcode vulnerability (CVE undisclosed) in AMD Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) that affects all Zen processors supporting SEV-SNP. Researchers Benedict (PhD candidate) and Professor Shweta Shinde from ETH Zurich demonstrated how a misalignment between protection barriers during SEV-SNP initialization allows an attacker to overwrite the Reverse Map Table (RMP), breaking the integrity guarantees SEV-SNP provides to confidential virtual machines (CVMs).

The attack exploits a race condition: while the Platform Security Processor (PSP) initializes the RMP, x86 cores create dirty cache lines that target RMP memory, bypassing Trusted Memory Region (TMR) protections. Once a single self-referential RMP entry is compromised, the entire table becomes writable, which enables hypervisor-level manipulation of guest context pages, including flipping the debug bit or altering attestation hashes.

AMD addressed the flaw via firmware and microcode patches released around August 2025, though the open-source SEV firmware remains outdated (Zen 4/Genoa only). The root cause was traced to a missing barrier at the x86 core level during initialization, in contrast to the TMR-based protection that is active after initialization. The talk emphasized AMD's relative transparency compared to Intel/ARM, citing accessible documentation and partial PSP source code as key enablers for the research.
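As an added example (not code from the talk or from AMD), the relying-party check a defender would run on a guest's SNP attestation report once the platform carries the fix: it reads the report using the field layout from AMD's SEV-SNP firmware ABI specification, rejects reports whose guest policy has the DEBUG bit set, compares the launch measurement, and requires both the reported and the committed TCB to carry at least a minimum SNP firmware and microcode level. The minimum levels are parameters you set from AMD's advisory (the page gives no version numbers), the sample report is constructed and unsigned, and verification of the report signature against the VCEK chain is assumed to happen before this check.

```python
import struct

# Field offsets per AMD's SEV-SNP ABI attestation report layout (report is 0x4A0 bytes).
REPORT_LEN = 0x4A0
OFF_POLICY, OFF_MEASUREMENT, OFF_REPORTED_TCB, OFF_COMMITTED_TCB = 0x008, 0x090, 0x180, 0x1E0
POLICY_DEBUG = 1 << 19  # guest policy DEBUG bit

def parse_tcb(value):
    """Split a TCB_VERSION u64 into its version bytes (SNP fw = byte 6, microcode = byte 7)."""
    return {"boot_loader": value & 0xFF, "tee": (value >> 8) & 0xFF,
            "snp": (value >> 48) & 0xFF, "microcode": (value >> 56) & 0xFF}

def parse_report(raw):
    """Pull out the fields a relying party checks; signature verification is done elsewhere."""
    if len(raw) != REPORT_LEN:
        raise ValueError("unexpected report length %d" % len(raw))
    policy, = struct.unpack_from("<Q", raw, OFF_POLICY)
    reported, = struct.unpack_from("<Q", raw, OFF_REPORTED_TCB)
    committed, = struct.unpack_from("<Q", raw, OFF_COMMITTED_TCB)
    return {"debug": bool(policy & POLICY_DEBUG),
            "measurement": raw[OFF_MEASUREMENT:OFF_MEASUREMENT + 48].hex(),
            "reported_tcb": parse_tcb(reported), "committed_tcb": parse_tcb(committed)}

def check_report(raw, expected_measurement, min_snp, min_microcode):
    """Return the list of policy violations; an empty list means the report is acceptable."""
    r = parse_report(raw)
    problems = []
    if r["debug"]:
        problems.append("DEBUG policy bit set")
    if r["measurement"] != expected_measurement:
        problems.append("launch measurement mismatch")
    for name in ("reported_tcb", "committed_tcb"):
        if r[name]["snp"] < min_snp or r[name]["microcode"] < min_microcode:
            problems.append(name + " below required SNP firmware/microcode level")
    return problems

def make_tcb(boot_loader, tee, snp, microcode):
    return boot_loader | (tee << 8) | (snp << 48) | (microcode << 56)

def sample_report(policy, tcb, measurement):
    """Constructed, unsigned report with only the fields read above populated."""
    if len(measurement) != 48:
        raise ValueError("measurement must be 48 bytes")
    raw = bytearray(REPORT_LEN)
    struct.pack_into("<Q", raw, OFF_POLICY, policy)
    raw[OFF_MEASUREMENT:OFF_MEASUREMENT + 48] = measurement
    struct.pack_into("<Q", raw, OFF_REPORTED_TCB, tcb)
    struct.pack_into("<Q", raw, OFF_COMMITTED_TCB, tcb)
    return bytes(raw)
```

On an unpatched platform the talk shows that the debug bit and attestation hashes can be altered from the hypervisor, so the TCB-level comparison is the part of this check that tells a relying party whether the firmware/microcode fix is present at all.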