A team of academic researchers from Georgia Tech and Purdue University has unveiled a new side-channel attack, dubbed TEE.Fail, that can extract cryptographic secrets from the Trusted Execution Environments (TEEs) embedded in modern CPUs. The attack targets the secure regions of processors such as Intel SGX and TDX and AMD SEV-SNP that are designed to safeguard sensitive data from even the operating system.
TEE.Fail leverages a memory-bus interposition attack on DDR5-based systems, exploiting design weaknesses in newer confidential computing architectures. Unlike previous DDR4 attacks such as WireTap and BatteringRAM, this is the first method proven effective on DDR5. According to the researchers, the entire setup costs less than $1,000.
Intel and AMD’s transition to DDR5 memory introduced deterministic AES-XTS encryption but removed memory integrity and replay protections, leaving TEEs exposed to ciphertext analysis.
As part of experiments, the researchers built a custom DDR5 interposer and logic analyzer to observe encrypted data as it moved between the CPU and memory. By lowering the memory clock speed and capturing ciphertext patterns, they confirmed that DDR5 encryption was deterministic, meaning the same plaintext always produces the same ciphertext. This allowed them to map encrypted values to plaintext data, recover nonces, and eventually reconstruct private cryptographic keys.
The research team disclosed their findings to Intel (April 2025), NVIDIA (June 2025), and AMD (August 2025). All three companies acknowledged the issue and are assessing its impact. Intel and NVIDIA are reportedly preparing public statements, while AMD has already issued a bulletin indicating that it does not plan mitigations, citing physical-access attacks as out of scope.