{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/confidential-computing/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["badaml","acpi","injection","confidential-computing"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eThe BadAML injection attack, initially published in 2024, exploits the ACPI interface in confidential virtual machines, allowing for arbitrary code execution. This vulnerability arises from the ability of an attacker with control over the host to inject malicious AML (ACPI Machine Language) code. This code, embedded within ACPI tables, is passed from the host (QEMU) to the guest firmware (OVMF) and subsequently to the Linux kernel. The kernel\u0026rsquo;s AML interpreter then executes this code, granting the attacker control within the guest environment. The Contrast platform versions prior to 1.18.0 are vulnerable on \u003ccode\u003eMetal-QEMU-SNP\u003c/code\u003e and \u003ccode\u003eMetal-QEMU-SNP-GPU\u003c/code\u003e platforms. Successful exploitation allows attackers to bypass security measures designed to protect confidential VMs.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eAttacker gains control over the host machine running the QEMU hypervisor.\u003c/li\u003e\n\u003cli\u003eAttacker crafts a malicious ACPI table containing arbitrary AML code.\u003c/li\u003e\n\u003cli\u003eThe malicious ACPI table is injected into the guest VM via QEMU.\u003c/li\u003e\n\u003cli\u003eThe OVMF firmware in the guest VM parses the ACPI table and passes the AML code to the Linux kernel.\u003c/li\u003e\n\u003cli\u003eThe Linux kernel\u0026rsquo;s AML interpreter executes the injected AML code.\u003c/li\u003e\n\u003cli\u003eThe AML code leverages its access to guest memory to escalate privileges.\u003c/li\u003e\n\u003cli\u003eThe attacker gains arbitrary code execution within the guest VM.\u003c/li\u003e\n\u003cli\u003eThe attacker can then perform malicious actions, such as data exfiltration or further compromise of the system.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eSuccessful exploitation of the BadAML vulnerability allows attackers to execute arbitrary code within confidential VMs, potentially leading to data theft, service disruption, or complete system compromise. While the number of victims is unknown, the affected sectors include any environment utilizing the vulnerable Contrast platforms (\u003ccode\u003eMetal-QEMU-SNP\u003c/code\u003e and \u003ccode\u003eMetal-QEMU-SNP-GPU\u003c/code\u003e) for confidential computing. The impact is significant, as it undermines the security guarantees provided by confidential computing technologies.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eUpgrade Contrast installations on \u003ccode\u003eMetal-QEMU-SNP\u003c/code\u003e and \u003ccode\u003eMetal-QEMU-SNP-GPU\u003c/code\u003e platforms to version 1.18.0 or later to incorporate the kernel patch.\u003c/li\u003e\n\u003cli\u003eMonitor host systems for suspicious ACPI table modifications using custom scripts or host-based intrusion detection systems (no specific rule provided, but ACPI table modification events should be logged where possible).\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-03-27T12:00:00Z","date_published":"2026-03-27T12:00:00Z","id":"/briefs/2026-03-badaml-injection/","summary":"The BadAML injection attack allows arbitrary code execution in confidential VMs by exploiting the ACPI interface, enabling attackers with host control to execute malicious AML code within the guest.","title":"BadAML Injection Allows Arbitrary Code Execution in Confidential VMs","url":"https://feed.craftedsignal.io/briefs/2026-03-badaml-injection/"}],"language":"en","title":"CraftedSignal Threat Feed — Confidential-Computing","version":"https://jsonfeed.org/version/1.1"}