TEE.Fail Side-Channel Attack Compromises Confidential Computing on DDR5 Systems
Academic researchers from Georgia Tech, Purdue University, and Synkhronix have developed a side-channel attack named TEE.Fail that enables the extraction of secrets from trusted execution environments (TEEs) in modern CPUs, including Intel's SGX and TDX, AMD's SEV-SNP, and even Nvidia's GPU Confidential Computing. The attack leverages a memory-bus interposition technique on DDR5 systems, using off-the-shelf equipment costing under $1,000, to physically intercept and analyze encrypted memory traffic. This method allows attackers with physical access and root privileges to extract cryptographic keys and forge attestation, undermining the security guarantees of confidential computing environments.
TEE.Fail is the first attack demonstrated against DDR5-based TEEs, extending previous DDR4-focused research such as WireTap and BatteringRAM. The researchers found that architectural changes in recent server-grade CPUs, specifically the adoption of deterministic AES-XTS encryption without memory integrity and replay protections, have introduced exploitable weaknesses. The attack's success highlights significant risks for organizations relying on hardware-based confidential computing, as it enables the compromise of sensitive data and secure workloads even on fully updated, trusted systems.
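The weakness the summary names, deterministic AES-XTS with no integrity or freshness, can be illustrated with a small teaching model. The block below is an added example, not code from the researchers or any vendor: it implements textbook single-unit XTS with Go's standard AES, using the physical address as the tweak (an assumption of the model, not a description of any CPU's key derivation), and checks what a passive bus observer learns and what an integrity or replay check would have to catch.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

// Constructed demo keys; a real TEE derives its keys inside the CPU.
var key1, key2 = []byte("0123456789abcdef"), []byte("fedcba9876543210")
// xtsBlock: textbook XTS on one 16-byte unit, physical address as tweak:
// C = E_K1(P xor T) xor T with T = E_K2(addr). Teaching model of deterministic
// memory encryption with no integrity or freshness (not any vendor's code).
func xtsBlock(addr uint64, in []byte, decrypt bool) []byte {
	c1, _ := aes.NewCipher(key1)
	c2, _ := aes.NewCipher(key2)
	var tweak, t, x, out [16]byte
	binary.LittleEndian.PutUint64(tweak[:], addr)
	c2.Encrypt(t[:], tweak[:])
	for i := range x { x[i] = in[i] ^ t[i] }
	if decrypt { c1.Decrypt(out[:], x[:]) } else { c1.Encrypt(out[:], x[:]) }
	for i := range out { out[i] ^= t[i] }
	return out[:]
}
// Findings: what a passive bus observer or an active memory writer gets.
type Findings struct {
	SameAddrRepeats  bool // same plaintext at one address -> same ciphertext
	DiffAddrDiffers  bool // same plaintext at another address -> different ciphertext
	TamperUndetected bool // flipped ciphertext bit decrypts without error, to garbage
	ReplayAccepted   bool // old ciphertext written back decrypts to the old value
}

// Analyze runs the four checks on a constructed 16-byte secret.
func Analyze() Findings {
	secret := []byte("ATTESTATION-KEY!") // constructed value
	const addr uint64 = 0x4000_0000
	c1, c2 := xtsBlock(addr, secret, false), xtsBlock(addr, secret, false)
	c3 := xtsBlock(addr+16, secret, false)
	tampered := append([]byte{}, c1...)
	tampered[0] ^= 0x01
	return Findings{
		SameAddrRepeats:  bytes.Equal(c1, c2),
		DiffAddrDiffers:  !bytes.Equal(c1, c3),
		TamperUndetected: !bytes.Equal(xtsBlock(addr, tampered, true), secret),
		ReplayAccepted:   bytes.Equal(xtsBlock(addr, c1, true), secret), // no freshness check
	}
}
func main() { fmt.Printf("%+v\n", Analyze()) }
```

All four findings come out true: the tweak hides which address holds a value but not when the same value recurs at one address, and nothing in the scheme rejects a modified or stale ciphertext, which is what a MAC and a replay counter (as in earlier SGX memory encryption) add.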
Timeline
Oct 28, 2025
TEE.Fail attack details are publicly disclosed
Multiple security outlets reported the public disclosure of TEE.Fail, describing how it can break protections in Intel SGX/TDX, AMD SEV-SNP, and related confidential-computing or secure-enclave technologies. Coverage highlighted that the attack threatens secrets stored or processed inside these environments.
Oct 28, 2025
Researchers develop TEE.Fail DDR5 side-channel attack on TEEs
Security researchers created TEE.Fail, a physical side-channel attack using the DDR5 memory bus to extract secrets from confidential-computing environments. Reports say the technique affects trusted execution technologies from Intel, AMD, and NVIDIA and can be carried out with relatively low-cost equipment.
Related Stories

Hardware-Based Attacks on Secure Enclaves and Embedded Devices
Security researchers have demonstrated new hardware-based techniques to extract sensitive data from devices previously considered secure, including smartwatches and confidential computing servers. In one case, analysts revived the 'Blinkenlights' technique, adapting it to modern TFT screens to extract firmware from a budget smartwatch by exploiting a dial parser vulnerability. This allowed arbitrary memory content to be displayed on the device's screen, which was then captured using a high-speed Raspberry Pi Pico setup. The smartwatch, which contained fake health sensors and used a JieLi AC6958C6 system-on-chip, was found to have weak authentication and a flawed firmware parser, enabling the out-of-bounds read attack. Separately, researchers from KU Leuven University presented a low-cost hardware attack called 'Battering RAM' at Black Hat Europe 2025, which targets secure CPU enclaves such as Intel SGX and AMD SEV. By using a $50 DDR4 interposer, the researchers manipulated memory address mapping at runtime, bypassing firmware mitigations and gaining unauthorized access to encrypted memory. This allowed them to extract platform provisioning keys, forge attestation reports, and implant persistent backdoors on protected virtual machines, raising concerns about the security of cloud infrastructures relying on these technologies.
1 month ago
StackWarp Side-Channel Weakness Undermines AMD SEV-SNP Confidential VMs
Researchers at **CISPA Helmholtz Center for Information Security** disclosed **StackWarp** (**CVE-2025-29943**), a microarchitectural weakness affecting **AMD Zen** CPUs that can undermine the integrity guarantees of **AMD SEV-SNP** “confidential VM” protections. The attack model assumes a **malicious insider with host/hypervisor control** who can run a parallel hyperthread and exploit a previously undocumented hypervisor-side control bit to manipulate the protected guest’s stack pointer behavior, particularly when **Simultaneous Multithreading (SMT)** is enabled. Reported impacts include the ability to recover sensitive data from SEV-SNP guests—such as **cryptographic private keys**—and to enable follow-on compromise scenarios like **bypassing OpenSSH password authentication** and **privilege escalation** within the VM. AMD issued patches (made available in **July 2025**) and later published a security bulletin rating the issue **low severity**, but the disclosure highlights ongoing risk that confidential computing isolation can be weakened by CPU-level behaviors; organizations running SEV-SNP should prioritize applying AMD’s updates and review SMT-related exposure in multi-tenant or high-trust boundary environments.
1 month ago
Linux Kernel Adds PCIe Link Encryption Amid Disclosure of PCIe IDE Vulnerabilities
The Linux kernel is introducing support for PCI Express (PCIe) Link Encryption in version 6.19, a feature developed collaboratively by Intel, AMD, and Arm to enhance the security of cloud server infrastructure. This new capability leverages certificates and keys to encrypt data transmitted between CPUs and hardware components over PCIe, aiming to prevent unauthorized devices from intercepting sensitive information. The encryption protocol, known as Integrity and Data Encryption (IDE), is managed through a Trusted Execution Environment (TEE) Security Manager, providing an additional layer of protection for cloud providers against hardware-based attacks. Concurrently, three significant vulnerabilities have been disclosed in the PCIe IDE protocol, affecting PCIe Base Specification Revision 5.0 and later. These flaws—CVE-2025-9612, CVE-2025-9613, and CVE-2025-9614—could allow local attackers to reorder traffic, redirect completion timeouts, or inject stale data, potentially leading to information disclosure, privilege escalation, or denial of service. While these vulnerabilities require physical or low-level access to exploit, they highlight the ongoing challenges in securing PCIe communications, even as new encryption features are being integrated into major operating systems like Linux.
1 month ago