Fabricked: The 100% Deterministic Attack Breaking AMD’s Confidential Computing Vault
Ddos 
Schematic overview of the Infinity Fabric
In the high-stakes world of cloud security, the promise of Confidential Computing is simple: your data should be safe even from the person owning the server. However, researchers from ETH Zurich—Chris Wech, Benedict Schlüter, and Shweta Shinde—have just released a report detailing a novel attack that turns this premise on its head.
The vulnerability, dubbed “Fabricked” and assigned CVE-2025-54510, targets AMD’s Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP), the hardware cornerstone designed to isolate sensitive workloads in the cloud.
At the heart of modern AMD System-on-Chips (SoCs) is the Infinity Fabric, a high-speed interconnect that links various chiplets together. The Fabricked attack exploits a critical design oversight in how this fabric handles memory routing during the early stages of system initialization.
According to the report, the exploit works by manipulating these routing rules:
“By redirecting memory transactions, a malicious hypervisor can deceive the secure co-processor (PSP) into improperly initializing SEV-SNP”.
When the Platform Security Processor (PSP) attempts to set up the Reverse Map Table (RMP)—the structure that enforces memory isolation—the hypervisor silently misroutes those writes to the wrong parts of the DRAM. This results in an RMP with “insecure default entries,” essentially leaving the vault door unlocked from the moment it is built.
What makes Fabricked particularly terrifying for cloud tenants is its reliability and stealth. Unlike many hardware exploits that rely on complex timing or probabilistic “glitching,” this is a fully deterministic, software-only exploit with a 100% success probability.
Once the RMP is compromised during the SNP_INIT phase, the hardware’s security guarantees are effectively neutralized. The researchers warn that:
“Successive CVM launches subsequently on the platform, the hypervisor can access its memory as the RMP enforcement is useless for all practical purposes”.
A malicious cloud provider could perform arbitrary read and write access within the address space of a Confidential Virtual Machine (CVM), completely breaking data privacy and integrity.
The researchers confirmed the vulnerability on AMD Zen 5 EPYC processors, but the scope of the risk extends further back.
| Processor Generation | Status |
| Zen 5 (EPYC) | Confirmed Vulnerable |
| Zen 4 | Firmware Update Issued |
| Zen 3 | Firmware Update Issued |
Following a responsible disclosure period that began in August 2025, AMD has released critical firmware updates to address the flaw. The embargo was officially lifted on April 14, 2026.
Support Our Threat Intelligence
If you find our CVE report and cybersecurity news helpful, consider supporting our work.
Buy Me a Coffee
PayPal
