
AMD’s Infinity Fabric Vulnerability Exposed: Risk to Confidential Computing

A newly disclosed vulnerability in AMD's SEV-SNP technology allows malicious actors to access confidential virtual machine memory undetected, raising security concerns for cloud computing environments.


A significant software vulnerability affecting AMD's EPYC processors has been uncovered, posing a serious threat to confidential computing environments. Researchers from ETH Zurich revealed the exploit, named "Fabricked," which undermines the security mechanisms designed to protect sensitive virtual machine memory from malicious cloud hosts. The findings highlight flaws in AMD's Infinity Fabric interconnect, which is essential for ensuring the integrity and confidentiality of virtual machines.

The Issue at Hand

In a paper presented at the USENIX Security 2026 conference, the researchers detailed how the attack circumvents AMD's Secure Encrypted Virtualization with Secure Nested Paging (SEV-SNP) protections. This technology is intended to safeguard data by creating hardware-isolated confidential virtual machines (CVMs), where data is encrypted, and access is tightly controlled by a specialized security processor known as the Platform Security Processor (PSP).

The vulnerability arises during the CPU's boot process, specifically through the management of memory routing by the Infinity Fabric. The exploit allows a malicious UEFI firmware to bypass crucial configuration steps that lock down memory access, leaving the data layer vulnerable even after SEV-SNP is supposed to be active.

Technical Breakdown of the Exploit

The exploit operates on a dual-layer mechanism. Initially, it exploits the motherboard firmware's role in initializing the Infinity Fabric. Since AMD's security model considers this firmware untrusted, attackers can manipulate it to prevent the PSP from securing the memory routing registers.

Following this, the researchers found that memory requests made by the PSP were not adequately validated against standard routing rules. This oversight allows attackers to craft mappings that shadow the Reverse Map Table (RMP), a critical component responsible for managing access controls. Consequently, the PSP's initialization becomes ineffective, granting the hypervisor full read and write access to memory areas that should remain protected.


During their research, the ETH Zurich team demonstrated two specific attack vectors. The first involved enabling debug mode on a production CVM post-attestation, effectively granting the hypervisor unrestricted access to decrypt the virtual machine's memory without detection. The second attack involved forging cryptographic attestation reports, allowing a compromised image to masquerade as a legitimate, trusted instance.

AMD's Response and Mitigation Steps

The vulnerability, assigned CVE-2025-54510 by AMD, was acknowledged following a responsible disclosure in August 2025. AMD subsequently issued security guidance and firmware updates for its Zen 3, Zen 4, and Zen 5 EPYC platforms to address the flaw. Organizations running workloads on AMD's confidential computing platforms are urged to confirm with their cloud providers that the latest firmware patches have been implemented.

While home users and standard cloud workloads not utilizing SEV-SNP are not affected, the exposure of this vulnerability raises broader concerns about cloud infrastructure security. As confidential computing becomes increasingly vital in protecting sensitive data, the implications of such vulnerabilities could undermine trust in cloud service providers.

This incident underscores the need for robust security practices in cloud environments and continuous monitoring for potential vulnerabilities. As cloud computing evolves, organizations must remain vigilant and proactive in their security measures to guard against similar threats in the future.


GPUBeat Desk
