Conjuring Hardware Failures to Breach CPU Privilege Boundaries
Black Hat USA 2025 · Day 1 · Briefings
Christopher Domas demonstrates MCEhammer, a novel exploitation technique that generates Machine Check Exceptions (MCEs) on demand, entirely from software, and uses them to interrupt AMD CPUs during the transition into System Management Mode (SMM), achieving code execution at the deepest firmware privilege level. The attack relies on a design characteristic of AMD CPUs: they enter SMM with the Interrupt Descriptor Table (IDT) left unmodified, so an attacker who already controls the IDT can point the machine check exception handler at malicious code, which then runs with SMM privileges when the exception lands during the transition.
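As an added example (not part of the talk abstract and not Domas's MCEhammer tooling), the following C code shows the data structure the attack turns against the firmware: a 64-bit IDT gate descriptor, with vector 18 (#MC, the machine check exception) as the entry an attacker would repoint, plus an integrity check that flags a #MC gate whose handler falls outside the expected kernel text range. The kernel text range, the handler addresses and the whole scenario are constructed for this example; the code does not generate machine checks and does not touch SMM.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Vector 18 is #MC, the machine-check exception, on x86. */
#define VEC_MC 18
#define IDT_ENTRIES 256

/* 64-bit IDT gate descriptor, as laid out in the AMD64 / Intel 64 manuals. */
typedef struct {
    uint16_t offset_low;   /* handler address bits 15:0 */
    uint16_t selector;     /* code segment selector */
    uint8_t  ist;          /* bits 2:0 = IST index (0 = none) */
    uint8_t  type_attr;    /* P | DPL(2) | 0 | gate type (0xE = interrupt gate) */
    uint16_t offset_mid;   /* handler address bits 31:16 */
    uint32_t offset_high;  /* handler address bits 63:32 */
    uint32_t reserved;
} idt_gate64_t;

/* Encode an interrupt gate that transfers control to `handler`. */
static idt_gate64_t make_gate(uint64_t handler, uint16_t cs, uint8_t ist, uint8_t dpl)
{
    idt_gate64_t g;
    memset(&g, 0, sizeof g);
    g.offset_low  = (uint16_t)(handler & 0xFFFFu);
    g.selector    = cs;
    g.ist         = (uint8_t)(ist & 0x7u);
    g.type_attr   = (uint8_t)(0x80u | ((dpl & 0x3u) << 5) | 0xEu);
    g.offset_mid  = (uint16_t)((handler >> 16) & 0xFFFFu);
    g.offset_high = (uint32_t)(handler >> 32);
    return g;
}

/* Reassemble the handler address an IDT gate points at. */
static uint64_t gate_target(const idt_gate64_t *g)
{
    return (uint64_t)g->offset_low
         | ((uint64_t)g->offset_mid << 16)
         | ((uint64_t)g->offset_high << 32);
}

/* Integrity check: the #MC gate must be present and its handler must lie
 * inside the expected kernel text range [text_start, text_end). */
static bool mc_gate_is_expected(const idt_gate64_t *idt,
                                uint64_t text_start, uint64_t text_end)
{
    const idt_gate64_t *g = &idt[VEC_MC];
    if (!(g->type_attr & 0x80u))
        return false;                    /* gate not present */
    uint64_t target = gate_target(g);
    return target >= text_start && target < text_end;
}

/* Constructed scenario: the kernel text range and all addresses are made up
 * for this example. Returns 1 when the check accepts the legitimate #MC
 * handler and rejects an attacker-redirected one, 0 otherwise. */
static int demo_redirect_detected(void)
{
    static idt_gate64_t idt[IDT_ENTRIES];
    const uint64_t text_start = 0xffffffff81000000ULL;  /* assumed */
    const uint64_t text_end   = 0xffffffff82000000ULL;  /* assumed */
    const uint64_t legit_mc   = 0xffffffff81234560ULL;  /* assumed */
    const uint64_t attacker   = 0x0000000000401000ULL;  /* assumed */

    memset(idt, 0, sizeof idt);
    idt[VEC_MC] = make_gate(legit_mc, 0x10, 1, 0);
    if (!mc_gate_is_expected(idt, text_start, text_end))
        return 0;

    /* An attacker with write access to the IDT repoints vector 18. */
    idt[VEC_MC] = make_gate(attacker, 0x10, 1, 0);
    if (mc_gate_is_expected(idt, text_start, text_end))
        return 0;
    return 1;
}

/* Round-trip check: encoding then decoding a 64-bit address is lossless. */
static int demo_gate_roundtrip(void)
{
    const uint64_t addr = 0xffffffffa5a5a5a5ULL; /* assumed */
    idt_gate64_t g = make_gate(addr, 0x10, 0, 0);
    return gate_target(&g) == addr && sizeof g == 16;
}

int main(void)
{
    printf("gate round-trip: %s\n", demo_gate_roundtrip() ? "ok" : "FAIL");
    printf("#MC redirect detected: %s\n", demo_redirect_detected() ? "ok" : "FAIL");
    return 0;
}
```

One caveat on the check: an attacker who can rewrite the IDT already has ring-0 write access, so a check that runs inside the same kernel can be disabled or fed a clean copy. It is useful as a signal from an out-of-band monitor (a hypervisor or a measurement agent that reads the IDT from outside the guest), not as a mitigation on its own; the abstract does not describe what vendor-side fix, if any, closes the SMM entry window.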
AI review
Christopher Domas built a software tool that generates real machine check exceptions on demand and used them to breach SMM on AMD CPUs by targeting a 100-cycle window during SMM entry. Novel primitives, live demo, architectural depth. This is what "ring -2" research actually looks like — no hand-waving, just a fuzzer, a northbridge, and a deliberately misaligned MMIO access used as a hardware time-fuse.