Researchers attack AMD’s Infinity Fabric to bypass hardware security protections with ‘Fabricked’ — flaw lets malicious cloud hosts silently read confidential V


Confidential computing protections can reportedly be broken before they even finish initializing


The researchers presented the findings as part of a USENIX Security 2026 paper, describing the exploit as fully deterministic with a 100% success rate, requiring neither physical access nor code execution inside the victim VM.

Confidential computing exists to address a fundamental trust problem in cloud infrastructure: tenants often have no way to verify that a cloud provider isn't accessing their data. AMD SEV-SNP addresses this by creating hardware-isolated Confidential Virtual Machines, where memory is encrypted and access-controlled by a dedicated on-chip security processor called the PSP. To enforce those boundaries, SEV-SNP relies on a structure called the Reverse Map Table — a per-page access control table stored in memory — which the PSP initializes securely during boot. Attestation, the mechanism by which tenants cryptographically verify their environment is genuine and untampered, depends on that chain holding. This is what Fabricked breaks.


The technique hinges on a component most users will never think about: the Infinity Fabric, AMD's internal chiplet interconnect responsible for routing memory traffic between CPU cores, memory controllers, and peripheral devices. Because platform configurations vary across hardware, parts of the Infinity Fabric must be configured during each boot sequence by the motherboard firmware — the UEFI. In AMD's own threat model, that firmware is explicitly untrusted, since cloud providers control it.

The researchers found that the UEFI is responsible for issuing two PSP API calls that lock down Infinity Fabric configuration registers after initialization. A malicious UEFI can simply skip them, leaving the Data Fabric — the memory routing layer within Infinity Fabric — writable by the attacker even after SEV-SNP has activated.

From there, the exploit leverages a second, subtler flaw. The researchers found that PSP memory requests were incorrectly checked against MMIO routing rules — rules normally reserved for hardware device communication — before standard DRAM routing rules were applied. By configuring those MMIO mappings to shadow the RMP's memory region, the attacker causes the PSP's initialization writes to be silently discarded. The RMP never gets properly set up, but SEV-SNP reports successful initialization anyway. The platform believes the system is secure when it is not.
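The two conditions described above (routing configuration left unlocked, and MMIO rules matched before DRAM rules) can be reproduced in a small software model. This is an added illustration, not code from the researchers' paper or from AMD; every name, address and value in it is constructed, and the read-back check is a hypothetical hardening step, not AMD's fix. It shows why a success status from initialization is not evidence that the table was actually written.

```c
#include <stdbool.h>
#include <stdint.h>

/* Constructed toy model: sizes, addresses and names are illustrative,
   not AMD register layouts or PSP interfaces. */
enum { DRAM_SIZE = 64, RMP_BASE = 16, RMP_LEN = 8, RMP_INIT = 0xA5 };

typedef struct {
    uint8_t  dram[DRAM_SIZE];
    uint32_t mmio_base, mmio_len;  /* one MMIO routing rule; len 0 = none */
    bool     locked;               /* set by the lock step firmware may skip */
} fabric;

static bool hits_mmio(const fabric *f, uint32_t a) {
    return a >= f->mmio_base && a - f->mmio_base < f->mmio_len;
}

/* Routing configuration stays writable until the lock is applied. */
bool fabric_set_mmio(fabric *f, uint32_t base, uint32_t len) {
    if (f->locked) return false;
    f->mmio_base = base;
    f->mmio_len = len;
    return true;
}

/* Ordering from the article: MMIO rules are matched before DRAM rules.
   No device backs the range here, so a matching write is dropped. */
void fabric_write(fabric *f, uint32_t a, uint8_t v) {
    if (!hits_mmio(f, a) && a < DRAM_SIZE) f->dram[a] = v;
}

/* Model assumption: a read that matches the MMIO rule returns 0xFF. */
uint8_t fabric_read(const fabric *f, uint32_t a) {
    return (hits_mmio(f, a) || a >= DRAM_SIZE) ? 0xFF : f->dram[a];
}

/* verify=false: write the entries and report success unconditionally.
   verify=true (hypothetical hardening): require the lock, then read
   every entry back through the same routing path. */
bool rmp_init(fabric *f, bool verify) {
    if (verify && !f->locked) return false;
    for (uint32_t i = 0; i < RMP_LEN; i++) fabric_write(f, RMP_BASE + i, RMP_INIT);
    for (uint32_t i = 0; verify && i < RMP_LEN; i++)
        if (fabric_read(f, RMP_BASE + i) != RMP_INIT) return false;
    return true;
}
```

In the model, applying the lock after the shadowing rule is already in place still fails the verified path, because the read-back never sees the expected entries.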

With an uninitialized RMP under attacker control, the hypervisor can read and write arbitrary CVM memory. The researchers demonstrated two concrete exploits: enabling debug mode on a production CVM after attestation — giving the hypervisor the ability to decrypt arbitrary VM memory, undetected by the guest — and forging attestation reports wholesale, allowing a malicious image to pass as a trusted one.
