
Fabricked: Misconfiguring Infinity Fabric to Break AMD SEV-SNP

Why This Matters

The Fabricked attack highlights a critical vulnerability in AMD's SEV-SNP technology, which is designed to secure confidential virtual machines in cloud environments. By exploiting the Infinity Fabric's configuration, malicious actors can bypass hardware security measures, potentially compromising sensitive data and undermining trust in hardware-based encryption solutions. This discovery underscores the importance of rigorous security assessments for hardware architectures supporting confidential computing.


(USENIX Security 2026)

Confidential computing allows cloud tenants to offload sensitive computations and data to remote resources without needing to trust the cloud service provider. Hardware-based trusted execution environments, like AMD SEV-SNP, achieve this by creating Confidential Virtual Machines (CVMs). With Fabricked, we present a novel software-based attack that manipulates memory routing to compromise AMD SEV-SNP. By redirecting memory transactions, a malicious hypervisor can deceive the secure co-processor (PSP) into improperly initializing SEV-SNP. This enables the attacker to perform arbitrary read and write accesses within the CVM address space, thus breaking SEV-SNP's core security guarantees.

What is AMD SEV-SNP?

Standard cloud environments expose tenant computation and data in use to potentially untrusted cloud service providers. Confidential computing addresses this by using Confidential Virtual Machines (CVMs): hardware-shielded environments that isolate active workloads and guarantee complete data privacy from the host. Secure Encrypted Virtualization-Secure Nested Paging (SEV-SNP) is an AMD hardware extension that enables CVMs on AMD server CPUs.

What is the Infinity Fabric?

Modern AMD System-on-Chips (SoCs) use a chiplet-based architecture. The core idea is to manufacture individual CPU blocks on separate dies and link them together via a high-speed interconnect. While this design significantly improves manufacturing yields, it also introduces complexity in inter-component communication. AMD addresses this with the Infinity Fabric, which is responsible for coherent data transport, memory routing, and address mapping across CPU cores, memory controllers, and peripheral devices. Because platform configurations vary between different systems and boot sequences, the Infinity Fabric must be dynamically configured during every CPU boot sequence. AMD delegates parts of this configuration process to the motherboard firmware, also known as BIOS or UEFI.

Illustration 1: Schematic overview of the Infinity Fabric.

Fabricked Overview
