{"id":1801,"date":"2018-05-29T19:50:09","date_gmt":"2018-05-29T19:50:09","guid":{"rendered":"https:\/\/kasperskycontenthub.com\/threatpost\/?p=132359"},"modified":"2018-05-29T19:50:09","modified_gmt":"2018-05-29T19:50:09","slug":"severed-attack-extracts-the-memory-of-amd-encrypted-vms","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/","title":{"rendered":"SEVered Attack Extracts the Memory of AMD-Encrypted VMs"},"content":{"rendered":"<div class=\"media_block\"><\/div>\n<div><img decoding=\"async\" src=\"https:\/\/media.kasperskycontenthub.com\/wp-content\/uploads\/sites\/31\/2018\/05\/29152638\/virtual-machine.jpg\" class=\"ff-og-image-inserted\"\/><\/div>\n<p>Virtual machines that use AMD\u2019s Secure Encrypted Virtualization (SEV), a hardware-based encryption scheme, have been found to be vulnerable to attacks that can extract the full contents of their main memory \u2013 in plaintext.<\/p>\n<p>SEV is a feature specifically designed for securely encrypting VMs, developed to protect VM memory from remote and physical attackers. It is meant to give users a modicum of control over their virtual environments, so they don\u2019t have to place all of their trust in the vendors providing the virtualized environment.<\/p>\n<p>Hypervisors act as controllers for VMs and as such, can easily access sensitive data stored in VM memory, such as keys, passwords or classified information. SEV was built to encrypt individual VMs using a secure processor (SP). It\u2019s a hardware-based approach that removes the memory from being open to prying hypervisor eyes \u2013 in theory.<\/p>\n<p>Ironically, SEV can be \u201cSEVered,\u201d so to speak, laying open the VMs to attacks from malicious hypervisor.<\/p>\n<p>\u201cSEVered [the coined term for the attack method] neither requires physical access nor colluding virtual machines, but only relies on a remote communication service, such as a web server, running in the targeted virtual machine,\u201d explained Fraunhofer AISEC researchers Mathias Morbitzer, Manuel Huber, Julian Horsch and Sascha Wessel, in an <a href=\"https:\/\/arxiv.org\/pdf\/1805.09604.pdf\">research paper<\/a> (PDF) released last week. \u201cSEVered reliably and efficiently extracts all memory contents, even in scenarios where the targeted virtual machine is under high load.\u201d<\/p>\n<p>AMD confirmed the vulnerability to Threatpost, saying, \u201cAMD is currently working with the ecosystem to protect against vulnerabilities that are more difficult to exploit, such as malicious hypervisor attacks like those recently detailed by German researchers.\u201d No patch is yet available.<\/p>\n<p>The chipmaker also characterized SEV as continuing to protect VM from inadvertent vulnerabilities in typical operating environments.<\/p>\n<p>\u201cSEV provides what was previously unavailable protection of memory in a virtual environment and is a first step to improving security for virtualization,\u201d the company said in a statement provided to Threatpost.<\/p>\n<p><strong>Malicious Mapping<\/strong><\/p>\n<p>According to the German researchers, the problem is that SEV\u2019s encryption of main VM memory lacks integrity protection. To wit, even with SEV enabled, hypervisors are responsible for second-level address translation (SLAT), meaning that they maintain the VM\u2019s General Physical Access (GPA) to Host Physical Address (HPA) mapping in main memory. That allows an attacker with access to the hypervisor to change that mapping and identify linked information when the RAM is queried.<\/p>\n<p>\u201cWe use this capability to trick a service in the VM, such as a web server, into returning arbitrary pages of the VM in plaintext upon the request of a resource from outside,\u201d the paper outlined. \u201cWe first identify the encrypted pages in memory corresponding to the resource, which the service returns as a response to a specific request. By repeatedly sending requests for the same resource to the service while re-mapping the identified memory pages, we extract all the VM\u2019s memory in plaintext.\u201d<\/p>\n<p>After completion, attackers can cover their tracks by restoring the mapping of the resource pages to their original HPAs.<\/p>\n<p>The paper\u2019s authors said that SEVered neither requires detailed knowledge of the target VM or service, nor a malicious process running inside the VM; however, several techniques have to be combined to reliably identify the encrypted pages that are being queried \u2013 and this supports AMD\u2019s characterization of the flaw as being difficult to exploit.<\/p>\n<p><strong>Real-World Feasibility<\/strong><\/p>\n<p>Exploitation may be difficult, but it is certainly possible, as the researchers demonstrated.<\/p>\n<p>Using a Debian GNU\/Linux test server running on an AMD Epyc 7251 processor with SEV enabled, they spun up an Apache web server and an OpenSSH in separate VMs. They then modified the system\u2019s KVM hypervisor, so that it could see when software accessed physical RAM. Within seconds, after multiple requests for the same information, they were able to narrow down what resource corresponded with which query, in order to extract it.<\/p>\n<p>In this way, the hypervisor eventually was able to extract 2GB of memory from the victim machine.<\/p>\n<p>\u201cOur evaluation shows that SEVered is feasible in practice and that it can be used to extract the entire memory from a SEV-protected VM within reasonable time,\u201d the researchers wrote. \u201cThe results specifically show that critical aspects, such as noise [activity] during the identification and the resource stickiness are managed well by SEVered.\u201d<\/p>\n<p><strong>Mitigations<\/strong><\/p>\n<p>As mentioned, there is no patch or fix for the issue. And, researchers said, issuing a fix will be tricky.<\/p>\n<p>For one, shoring things up in software isn\u2019t an answer. \u201cIntegrity protection can hardly be achieved in software as the VM would require efficient and reliable software mechanisms to protect itself from modification of memory mappings and contents, e.g., by maintaining hashes in a safe location,\u201d the researchers noted. \u201cBoth mechanisms seem hard to realize to reliably protect an entire VM at all times, and would probably incur an intolerable performance overhead. We thus consider software-based countermeasures insufficient solutions against our attack.\u201d<\/p>\n<p>Hardware-based solutions come in two flavors. First, a modification of AMD SEV to include the integrity protection. That\u2019s likely a costly endeavor and would require labor and overhead to install.<\/p>\n<p>The second approach is more low-cost and efficient. \u201cSecurely combine the hash of the page\u2019s content with the guest-assigned GPA,\u201d researchers noted. \u201cThis ensures that pages cannot easily be swapped by changing the GPA to HPA mapping. Adding a nonce additionally ensures that an old page for the GPA cannot be replayed into the guest by a malicious [hypervisor].\u201d<\/p>\n<p> READ MORE <a href=\"https:\/\/threatpost.com\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/132359\/\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Virtual machines that use AMD\u2019s hardware-based encryption scheme are vulnerable to attacks that can extract the full contents of their main memory \u2013 in plaintext. READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":1802,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[3],"tags":[839,840,46,841,842,843,844,845,254,846,847,848],"class_list":["post-1801","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threatpost","tag-amd","tag-attack","tag-encryption","tag-hypervisor","tag-research","tag-secure-processor","tag-sev","tag-severed","tag-uncategorized","tag-virtual-machine","tag-virtualization","tag-vm"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SEVered Attack Extracts the Memory of AMD-Encrypted VMs 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SEVered Attack Extracts the Memory of AMD-Encrypted VMs 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2018-05-29T19:50:09+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/severed-attack-extracts-the-memory-of-amd-encrypted-vms.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"SEVered Attack Extracts the Memory of AMD-Encrypted VMs\",\"datePublished\":\"2018-05-29T19:50:09+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\\\/\"},\"wordCount\":926,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms.jpg\",\"keywords\":{\"0\":\"AMD\",\"1\":\"attack\",\"2\":\"Encryption\",\"3\":\"Hypervisor\",\"4\":\"Research\",\"5\":\"Secure Processor\",\"6\":\"sev\",\"7\":\"severed\",\"9\":\"virtual machine\",\"10\":\"virtualization\",\"11\":\"VM\"},\"articleSection\":[\"Threatpost\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\\\/\",\"name\":\"SEVered Attack Extracts the Memory of AMD-Encrypted VMs 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms.jpg\",\"datePublished\":\"2018-05-29T19:50:09+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2018\\\/05\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms.jpg\",\"width\":800,\"height\":400},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"AMD\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/amd\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SEVered Attack Extracts the Memory of AMD-Encrypted VMs\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SEVered Attack Extracts the Memory of AMD-Encrypted VMs 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/","og_locale":"en_US","og_type":"article","og_title":"SEVered Attack Extracts the Memory of AMD-Encrypted VMs 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2018-05-29T19:50:09+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/severed-attack-extracts-the-memory-of-amd-encrypted-vms.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"SEVered Attack Extracts the Memory of AMD-Encrypted VMs","datePublished":"2018-05-29T19:50:09+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/"},"wordCount":926,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/severed-attack-extracts-the-memory-of-amd-encrypted-vms.jpg","keywords":{"0":"AMD","1":"attack","2":"Encryption","3":"Hypervisor","4":"Research","5":"Secure Processor","6":"sev","7":"severed","9":"virtual machine","10":"virtualization","11":"VM"},"articleSection":["Threatpost"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/","url":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/","name":"SEVered Attack Extracts the Memory of AMD-Encrypted VMs 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/severed-attack-extracts-the-memory-of-amd-encrypted-vms.jpg","datePublished":"2018-05-29T19:50:09+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/severed-attack-extracts-the-memory-of-amd-encrypted-vms.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2018\/05\/severed-attack-extracts-the-memory-of-amd-encrypted-vms.jpg","width":800,"height":400},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/severed-attack-extracts-the-memory-of-amd-encrypted-vms\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"AMD","item":"https:\/\/www.threatshub.org\/blog\/tag\/amd\/"},{"@type":"ListItem","position":3,"name":"SEVered Attack Extracts the Memory of AMD-Encrypted VMs"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1801","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=1801"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/1801\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/1802"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=1801"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=1801"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=1801"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}