TL;DR
A new vulnerability called Fabricked allows malicious hypervisors to reconfigure AMD’s Infinity Fabric, bypassing SEV-SNP protections. This fully software-only attack affects recent AMD processors and enables unauthorized memory access in confidential virtual machines.
Researchers at USENIX Security 2026 have disclosed a novel software-based attack called Fabricked that exploits misconfigurations in AMD’s Infinity Fabric to bypass SEV-SNP security protections, potentially allowing hypervisors to access confidential VM memory.
The Fabricked attack targets AMD’s hardware extension for confidential computing, SEV-SNP, which isolates virtual machine memory from the host environment. The attack hinges on manipulating the Infinity Fabric, a high-speed interconnect responsible for data routing between CPU cores, memory controllers, and the secure co-processor (PSP). Researchers identified that the untrusted UEFI firmware, which controls the Infinity Fabric configuration, can be modified by a malicious hypervisor to skip critical setup routines.
By doing so, the attacker can re-route memory transactions during SEV-SNP initialization, specifically corrupting the setup of the RMP (Memory Access Control) data structure. This results in the RMP remaining uninitialized or insecure, allowing the hypervisor to access protected VM memory after startup. The attack is deterministic, requires no physical access, and has been confirmed on AMD Zen 5 EPYC processors, with indications it affects Zen 3 and Zen 4 as well.
Why It Matters
This vulnerability undermines the core security guarantees of AMD’s SEV-SNP, which is designed to protect sensitive data in cloud environments. If exploited, it could enable malicious hypervisors to read or modify confidential VM data, posing a serious risk to cloud security and data privacy. Since the attack operates entirely through software and firmware modifications, it is highly practical for adversaries with control over UEFI and hypervisor privileges.
AMD Ryzen Zen 5 processor security
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
AMD’s SEV-SNP is a hardware extension that creates isolated environments called Confidential Virtual Machines (CVMs) by encrypting VM memory and enforcing access controls. The security relies on proper initialization of the RMP via the PSP during startup. The Infinity Fabric, introduced with AMD’s chiplet architecture, manages data routing between CPU components and is configured during system boot. Prior to this disclosure, vulnerabilities in firmware and configuration processes had been considered, but Fabricked reveals a new vector exploiting the fabric’s configuration process itself.
“Fabricked demonstrates that by maliciously reconfiguring the Infinity Fabric, an attacker can bypass SEV-SNP protections entirely.”
— Research Lead at USENIX Security 2026
“We are investigating the reported vulnerability and will release firmware updates to mitigate the issue.”
— AMD Security Team
confidential virtual machine hardware security
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
While Fabricked has been demonstrated on AMD Zen 5 processors, it is not yet confirmed whether all AMD CPUs with SEV-SNP are equally vulnerable. Details about the full scope of affected hardware and whether future firmware updates fully mitigate the issue remain under investigation.
server motherboard with AMD EPYC processors
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
AMD is expected to release firmware updates addressing the vulnerability. Researchers will continue to analyze the attack’s scope and develop detection methods. Cloud providers and users should monitor AMD’s security advisories for patches and guidance.
firmware update tools for AMD processors
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What is the main security flaw exploited by Fabricked?
Fabricked exploits the ability of a malicious hypervisor to reconfigure the Infinity Fabric’s routing rules, preventing proper initialization of the RMP during SEV-SNP setup and enabling memory access bypass.
Who is at risk from this vulnerability?
Cloud tenants using AMD Zen 3, 4, or 5 processors with SEV-SNP enabled are at risk if they run systems with unpatched firmware and a malicious hypervisor with UEFI and hypervisor privileges.
Does this impact all AMD processors?
The vulnerability has been confirmed on Zen 5 processors and is suspected to affect Zen 3 and Zen 4 systems, but AMD has not yet confirmed full scope or provided a complete list of affected models.
Can this attack be performed remotely?
No. The attacker needs control over the hypervisor and UEFI firmware, which generally requires physical or privileged access to the system.
