Fabricked is a novel, software-based attack that manipulates memory routing to compromise AMD SEV-SNP (Secure Encrypted Virtualization-Secure Nested Paging). By redirecting memory transactions via the Infinity Fabric, a malicious hypervisor can deceive the AMD Secure Processor (PSP) into improperly initializing SEV-SNP.
This enables an attacker to perform arbitrary read and write operations within the Confidential Virtual Machine's (CVM) address space, completely breaking SEV-SNP's core security guarantees.
- Deterministic: 100% success probability.
- Software-Only: Requires no physical access to the hardware.
- Independent: Does not rely on any code execution inside the victim CVM.
This organization hosts the code, research data, and documentation associated with the Fabricked vulnerability.
fabricked-attack.github.io: The source code for our informational landing page.fabricked-poc: Proof-of-concept exploit code demonstrating the Infinity Fabric misconfiguration on AMD Zen 5 EPYC processors.
Our research has been accepted at the 35th USENIX Security Symposium (USENIX Security '26).
@inproceedings{schlueter2026fabricked,
title={{Fabricked: Misconfiguring Infinity Fabric to Break AMD SEV-SNP}},
author={Benedict Schl{\"u}ter and Christoph Wech and Shweta Shinde},
booktitle={35th USENIX Security Symposium (USENIX Security 26)},
year={2026},
month = aug,
address = {Baltimore, MD},
publisher = {USENIX Association},
}